"Android's First Security Updates for 2023 Patch 60 Vulnerabilities"

Google recently announced the first Android security updates for 2023, which patch a total of 60 vulnerabilities.  The first part of the update, which arrives on devices as the 2023-01-01 security patch level, addresses 19 security defects in the Framework and System components.  Google noted that the most severe of these issues is a high security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed.  A total of 11 elevation of privilege bugs were resolved in the Framework component this month, along with three denial-of-service (DoS) issues.  Five other elevation of privilege vulnerabilities were addressed in the System component.  The second part of this month’s security update, which arrives on devices as the 2023-01-05 security patch level, addresses 41 vulnerabilities in Kernel and third-party components.  Google noted that the most important of these vulnerabilities are four critical-severity flaws in Kernel and Kernel components, all leading to remote code execution (RCE).  Two high-severity elevation of privilege bugs were also addressed in Kernel and Kernel components.  Google stated that the 2023-01-05 security patch level also fixes vulnerabilities in Kernel LTS (1 bug), Imagination Technologies components (1), MediaTek components (3), Unisoc components (13), Qualcomm components (2), and Qualcomm closed-source components (15).  Google noted that a security patch level of 2023-01-05 addresses all issues resolved with this and previous Android security updates.  

SecurityWeek reports: "Android's First Security Updates for 2023 Patch 60 Vulnerabilities"