Google released the December 2022 security update for Android, fixing four critical-severity vulnerabilities, including a remote code execution flaw exploitable via Bluetooth.
This month’s update fixes 45 vulnerabilities in core Android components with patch level 2022-12-01, and another 36 vulnerabilities affecting third-party components addressed in patch level 2022-12-05.
The four critical-severity vulnerabilities addressed in this month’s update are:
- CVE-2022-20472 – Remote code execution flaw in Android Framework, impacting Android versions 10 to 13.
- CVE-2022-20473 – Remote code execution flaw in Android Framework, impacting Android versions 10 to 13.
- CVE-2022-20411 – Remote code execution flaw in the Android system, impacting Android versions 10 to 13.
- CVE-2022-20498 – Information disclosure flaw in the Android system, impacting Android versions 10 to 13.
Other vulnerabilities patched involve elevation of privilege (EoP), remote code execution, information disclosure, and denial of service issues.
High-severity EoP flaws are typically exploited by malware that sneaks into a device through a low-privilege route, such as installing malware masquerading as a harmless app.
That said, applying the available update as soon as it’s available for your device is crucial, even if none of the flaws are currently reported as actively exploited.
If your device no longer receives monthly Android security updates or is running Android 9 or earlier, you are officially out of support.
In these cases, it is advisable to upgrade to a newer device or install a custom ROM based on a later version of Android, such as LineageOS.
Owners of Google Pixel devices also received a major security update this month, which fixes a total of 16 critical-severity flaws in various components.
These critical vulnerabilities allow attackers to elevate privileges or information disclosure on target devices.
More details on the December 2022 Pixel Update can be found on the dedicated security bulletin for Google’s own range of smartphones.