Google announced this week the December 2022 Android updates, which include fixes for more than 75 vulnerabilities, including multiple critical remote code execution (RCE) flaws.
CVE-2022-20411, an issue in Android’s System component that could be exploited via Bluetooth, is the most serious of the RCE bugs. “The most serious of these issues is a critical security vulnerability in the System component that could result in remote code execution over Bluetooth with no additional execution privileges required,” Google says in its advisory.
Also Read: Analyzing CISA’s Cross-Industries Cybersecurity Performance Objectives
The Framework component also fixed two other critical-severity RCE flaws (CVE-2022-20472 and CVE-2022-20473). In addition, Google patched a critical information disclosure vulnerability (CVE-2022-20498) in the System component.
Read More: Over 75 Vulnerabilities Patched in Android With December 2022 Security Updates
