Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Over 75 Vulnerabilities Patched in Android With December 2022 Security Updates

Google this week announced the December 2022 Android updates with patches for over 75 vulnerabilities, including multiple critical remote code execution (RCE) flaws.

The most severe of the RCE bugs is CVE-2022-20411, an issue in Android’s System component that could be exploited over Bluetooth.

Google this week announced the December 2022 Android updates with patches for over 75 vulnerabilities, including multiple critical remote code execution (RCE) flaws.

The most severe of the RCE bugs is CVE-2022-20411, an issue in Android’s System component that could be exploited over Bluetooth.

“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution over Bluetooth with no additional execution privileges needed,” Google explains in its advisory.

Two other critical-severity RCE flaws (CVE-2022-20472 and CVE-2022-20473) were resolved in the Framework component. Google also patched a critical information disclosure (CVE-2022-20498) in the System component.

All four issues were resolved as part of the 2022-12-01 security patch level, which addresses a total of 41 vulnerabilities in Android Runtime (1), Framework (20), Media framework (1), and System (19).

Most of the addressed security defects are high-severity flaws, with escalation of privilege being the most common type. Information disclosure and denial-of-service (DoS) issues were also resolved.

An additional 35 high-severity vulnerabilities were resolved as part of the 2022-12-05 security patch level, in Kernel, Imagination Technologies, MediaTek, Unisoc, and Qualcomm components.

Devices using a security patch level of 2022-12-05 or newer include patches for all the vulnerabilities above, as well as for those resolved with previous Android security updates.

Advertisement. Scroll to continue reading.

A total of 151 Pixel-specific vulnerabilities were resolved this month, Google announced. Most of the bugs are medium-severity escalation of privilege issues, with numerous information disclosure bugs addressed as well.

Pixel devices running a security patch level of 2022-12-05 include patches for all vulnerabilities described in the December 2022 Android security bulletin, as well as for the 151 bugs mentioned above.

Google’s December 2022 Android Automotive OS (AAOS) update bulletin describes eight AAOS vulnerabilities that have been resolved alongside the flaws addressed with a security patch level of 2022-12-05 from the December 2022 Android security bulletin.

Related: Google Patches High-Severity Privilege Escalation Vulnerabilities in Android

Related: Android Security Updates Patch Critical Vulnerabilities

Related: Google Patches Critical Vulnerabilities in Pixel Phones

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights