Google has released December 2022 Android updates with patches for over 75 vulnerabilities, including multiple critical RCE flaws.
The most critical of the bug is CVE-2022-20411, an issue in Android’s system component that could be exploited over Bluetooth.
The next two critical severity RCE flaws tracked as CVE-2022-20472 and CVE-2022-20473 were resolved in the Framework component. Google also patched a critical information disclosure CVE-2022-20498 in the system component.
An additional 35 high-severity vulnerabilities were resolved as part of the 2022-12-05 security patch level, in Kernel, Imagination Technologies, MediaTek, Unisoc, and Qualcomm components.
Devices using a security patch level of 2022-12-05 or newer include patches for all the vulnerabilities above, as well as for those resolved with previous Android security updates.
Overall, 151 Pixel-specific vulnerabilities were resolved this month. Most of the bugs are medium severity escalation of privilege issues, with numerous information disclosure bugs addressed as well.