Headline
Android Serves Up a Slew of Security Updates, 4 Critical
Out of more than 80 flaws fixed this month, the most critical was a system component bug that could allow RCE over Bluetooth.
Android’s Framework, Kernel, and Google Play were among components that received security updates this month, but the most severe was a critical bug in the System component that, if exploited, could allow remote code execution (RCE) over Bluetooth, without any escalation privileges required.
In addition to the System vulnerability, tracked under CVE-2022-20411, there are three additional critical flaws addressed by Android this month, including an ID bug in the System component (CVE-2022-20498) and two critical RCE bugs in the Framework component (CVE-2022, 20472 and CVE-2022-20473).
In total, the Android security update addressed more than 80 vulnerabilities.
Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe
Related news
The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.
Plus: Patches for Apple iOS 16, Google Chrome, Windows 10, and more.
In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-169762606
Categories: Android Categories: Exploits and vulnerabilities Categories: News Google has issued its December round of patches, which includes a fix for a critical vulnerability that allows RCE over Bluetooth (Read more...) The post Update now! Google patches Android vulnerability that allows remote code execution over Bluetooth appeared first on Malwarebytes Labs.