Google has released its Android Security Bulletin for December 2022 with details of security vulnerabilities (four rated Critical severity) affecting Android devices.
An attacker could exploit these vulnerabilities to take control of impacted systems.
The Android update addressed 80 vulnerabilities affecting smartphones, including four Critical severity flaws:
- CVE-2022-20472: Framework Remote Code Execution
- CVE-2022-20473: Framework Remote Code Execution
- CVE-2022-20411: System Remote Code Execution
- CVE-2022-20498: System Information Disclosure
According to the Android Security Bulletin, Google warned that each of the Framework-related vulnerabilities “could lead to remote code execution with no additional execution privileges needed.”
Moreover, the most severe of the Critical issues, CVE-2022-20411, “could lead to remote code execution over Bluetooth with no additional execution privileges needed.”
Additional High severity issues were addressed in Android Runtime, Android Media Framework, Google Play system updates, and other components.
Security patch levels of 2022-12-05 or later address all of these issues.
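To check a device fleet against that threshold, the following added example (not part of the bulletin) classifies devices by their reported security patch level. The inventory lines and serials are constructed sample data; it assumes the level string is collected per device from the `ro.build.version.security_patch` system property.

```shell
#!/bin/sh
# Added example: flag devices below the patch level that the page says
# addresses all December 2022 issues.
# A "serial patch_level" inventory can be collected per device with:
#   adb -s "$serial" shell getprop ro.build.version.security_patch
REQUIRED_LEVEL="2022-12-05"

# Print PATCHED, OUTDATED or UNKNOWN for one patch-level string.
patch_level_status() {
    lvl=$(printf '%s' "$1" | tr -d '\r')   # some adb versions emit CRLF
    case "$lvl" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;       # missing or vendor-mangled value
    esac
    have=$(printf '%s' "$lvl" | tr -d '-')
    need=$(printf '%s' "$REQUIRED_LEVEL" | tr -d '-')
    if [ "$have" -ge "$need" ]; then echo PATCHED; else echo OUTDATED; fi
}

# Read "serial patch_level" lines on stdin, print one status line per device,
# and return non-zero if any device is not confirmed PATCHED.
audit_inventory() {
    failed=0
    while read -r serial level; do
        case "$serial" in ''|'#'*) continue ;; esac
        status=$(patch_level_status "$level")
        printf '%s %s %s\n' "$serial" "${level:-missing}" "$status"
        [ "$status" = PATCHED ] || failed=1
    done
    return "$failed"
}

# Constructed sample inventory (not real devices).
audit_inventory <<'EOF' || echo "action needed: at least one device is below $REQUIRED_LEVEL"
# serial        patch level
EXAMPLE-0001    2022-12-05
EXAMPLE-0002    2022-12-01
EXAMPLE-0003    2022-10-05
EXAMPLE-0004
EXAMPLE-0005    2023-01-05
EOF
```

Devices reported as UNKNOWN count as failures so that a missing or unparseable value is never read as patched.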