"Over 75 Vulnerabilities Patched in Android With December 2022 Security Updates"

Google recently announced the December 2022 Android updates with patches for over 75 vulnerabilities, including multiple critical remote code execution (RCE) flaws. The most severe of the RCE bugs is CVE-2022-20411, an issue in Android’s System component that could be exploited over Bluetooth. Two other critical-severity RCE flaws (CVE-2022-20472 and CVE-2022-20473) were resolved in the Framework component. Google also patched a critical information disclosure (CVE-2022-20498) in the System component.

Google noted that all four issues were resolved as part of the 2022-12-01 security patch level, which addresses a total of 41 vulnerabilities in Android Runtime (1), Framework (20), Media framework (1), and System (19). Most of the addressed security defects are high-severity flaws, with escalation of privilege being the most common type. Information disclosure and denial-of-service (DoS) issues were also resolved. Google noted that an additional 35 high-severity vulnerabilities were resolved as part of the 2022-12-05 security patch level in Kernel, Imagination Technologies, MediaTek, Unisoc, and Qualcomm components. Devices using a security patch level of 2022-12-05 or newer include patches for all the vulnerabilities above and those resolved with previous Android security updates.

Google stated that a total of 151 Pixel-specific vulnerabilities were resolved this month. Most of the bugs are medium-severity escalation of privilege issues, with numerous information disclosure bugs addressed as well. Pixel devices running a security patch level of 2022-12-05 include patches for all vulnerabilities described in the December 2022 Android security bulletin and the 151 bugs mentioned above.

 

SecurityWeek reports: "Over 75 Vulnerabilities Patched in Android With December 2022 Security Updates"

Submitted by Anonymous on