New Update Android December 2022 security updates fix 81 vulnerabilities

Gandalf_The_Grey

Level 75
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,437
Google has released the December 2022 security update for Android, fixing four critical-severity vulnerabilities, including a remote code execution flaw exploitable via Bluetooth.

This month’s update addresses 45 vulnerabilities in core Android components with patch level 2022-12-01, and another 36 vulnerabilities impacting third-party components addressed in patch level 2022-12-05.

“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution over Bluetooth with no additional execution privileges needed,” mentions the security bulletin.
The four critical-severity vulnerabilities addressed in this month’s update are:
  • CVE-2022-20472 – Remote code execution flaw in Android Framework, impacting Android versions 10 to 13.
  • CVE-2022-20473 – Remote code execution flaw in Android Framework, impacting Android versions 10 to 13.
  • CVE-2022-20411 – Remote code execution flaw in Android System, impacting Android versions 10 to 13.
  • CVE-2022-20498 – Information disclosure flaw in Android System, impacting Android versions 10 to 13.
The rest of the fixed vulnerabilities involve elevation of privileges (EoP), remote code execution, information disclosure, and denial of service problems.

The high-severity EoP flaws are typically exploited by malware sneaking into a device via a low-privilege pathway, such as installing malicious software masquerading as an innocuous app.

That said, applying the available update as soon as it becomes available for your device is crucial, even if none of the flaws are currently reported as actively exploited.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top