Android’s December security update fixes over 80 security vulnerabilities affecting smartphones – including four flaws classed as critical.
According to Google’s Android security bulletin for December 2022, the most severe vulnerability is one in Android’s System component which could allow attackers to remotely execute code over Bluetooth without the need for device permissions.
The four critical vulnerabilities affect Android versions 10 to 13. Two of them – CVE-2022-20411 and CVE-2022-20498 – are in the System component of the Android operating system, while the other two – CVE-2022-20472 and CVE-2022-20473 – are in Android’s application framework and could allow attackers to remotely execute code with no additional execution privileges needed.
Google hasn’t yet provided full details about how exactly the vulnerabilities work. That follows the company’s standard procedure of not disclosing information on how attacks occur, in order to avoid giving attackers clear instructions on how to exploit the vulnerabilities before users are protected by the latest update – which users are urged to apply as soon as possible.
“Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible,” said the Android security bulletin.
Android software updates and security patches should be automatically downloaded onto devices. If auto download isn’t turned on, you can search for and download the latest security patch under software update settings. Users can also check which version of Android they’re using in phone settings.
Among the other security issues which the latest Android update fixes are a high severity vulnerability in Android Runtime (CVE-2022-20502) and a high severity vulnerability in Media Framework (CVE-2022-20496) – both could lead to local information disclosure without an attacker needing additional privileges. A high severity vulnerability in the kernel (CVE-2022-23960) could also lead to the same issue.
The full list of vulnerabilities is available on the Android Security Bulletin for December 2022.
While there’s no indication that any of the vulnerabilities have yet been used by cyber criminals, applying the security update as soon as possible will help users stay protected from attacks.