Google released its December 2022 Android security update, which fixes four vulnerabilities of critical severity, and also addresses a flaw that allows remote code execution via Bluetooth.
This month’s update fixes 45 vulnerabilities in core Android components at patch level 2022-12-01 and 36 in third-party components that are addressed at patch level 2022-12.05.
The mentions that “the most serious of these problems is a critical security flaw in the System component which could lead to remote execution over Bluetooth without any additional execution privileges required.”
These are the four vulnerabilities of critical severity that were addressed in the update this month:
- CVE-2022–20472 Remote code execution flaw with Android Framework. It affects Android version 10 through 13.
- CVE-2022–20473 Remote code execution flaw with Android Framework. It affects Android version 10 through 13.
- CVE-2022–20411 Remote code execution flaw with Android System. It affects Android version 10 through 13.
- CVE-2022–20498 Information disclosure flaw in Android System. It affects Android version 10 through 13.
Rest of the vulnerabilities are remote code execution, elevation of privileges, denial-of-service problems, information disclosure and remote code execution.
Malware can be used to exploit the high-severity EoP flaws. This is done by sneaking malware into devices via low-privilege pathways, like installing malicious software disguised as an innocent app.
However, it is important to apply the latest update for your device as soon as possible, even though none of these flaws have been reported as being actively exploited.
You are out of support if your device does not receive monthly Android security updates, or uses Android 9 and older.
These cases are when you should upgrade or install a customized ROM that is based on an older Android version such as LineageOS.
Google Pixel owners have received an important security update, this month. It addresses 16 vulnerabilities in different components.
These vulnerabilities are critical and allow attackers to gain privileges on target devices or disclose information.
You can find more information about the Pixel December 2022 Update on the Google’s smartphone range.