Android security update fixes more than 80 security vulnerabilities - including four critical - ZDNet

Image: Getty/Guido Mieth

Android's December information update fixes implicit 80 information vulnerabilities affecting smartphones – including 4 flaws classed arsenic critical. 

According to Google's Android information bulletin for December 2022, the astir terrible vulnerability is 1 successful Android's System constituent which could let attackers to remotely execute codification implicit Bluetooth without the request for instrumentality permissions.  

The 4 captious vulnerabilities impact Android versions 10 to 13. Two of them - CVE-2022-20411 and CVE-2022-20498 – are successful the System constituent of the Android operating system, portion the different 2 – CVE-2022-20472 and CVE-2022-20473 – are successful Android's exertion model and could let attackers to remotely execute codification with nary further execution privileges needed. 

Google hasn't yet provided afloat details astir however precisely the vulnerabilities work. That follows the company's accustomed procedures of not disclosing accusation connected however attacks instrumentality spot successful bid to debar providing attackers wide instructions connected however to exploit the vulnerabilities earlier users are protected by the latest update - which users are urged to use arsenic soon arsenic possible. 

Also: Cybersecurity: These are the caller things to interest astir successful 2023   

"Exploitation for galore issues connected Android is made much hard by enhancements successful newer versions of the Android platform. We promote each users to update to the latest mentation of Android wherever possible," said the Android information bulletin. 

Android bundle updates and information patches should beryllium automatically downloaded onto devices. If car download isn't turned on, you tin hunt for and download the latest information spot nether bundle update settings. Users tin besides cheque which mentation of Android they're utilizing successful telephone settings. 

Among the different information issues which the latest Android update fixes are a precocious severity vulnerability successful Android Runtime (CVE-2022-20502) and a precocious severity vulnerability successful Media Framework (CVE-2022-20496) – some could pb to section accusation disclosure without an attacker needing further privileges. A precocious severity vulnerability successful the Kernal (CVE-2022-23960) could besides pb to the aforesaid issue. 

The afloat database of vulnerabilities is disposable connected the Android Security Bulletin for December 2022. 

While there's nary denotation that immoderate of the vulnerabilities person yet been utilized by cyber criminals, applying the information update arsenic soon arsenic imaginable volition assistance users enactment protected from attacks. 

MORE ON CYBERSECURITY

• 5 speedy tips for amended Android telephone information close now
• Android information warning: These crooks telephone you and instrumentality you into downloading malware
• Google warns: Android 'patch gap' is leaving these smartphones susceptible to attack
• Time to update: Google Chrome browser patches high-severity information flaw
• These cybersecurity vulnerabilities are astir fashionable with hackers close present - person you patched them?