Google released a security alert on Monday outlining the most recent batch of Android operating system upgrades. There have been fixes for thirty-two vulnerabilities, including a serious flaw that might allow Bluetooth to be used for remote code execution.
The System component is vulnerable, according to the CVE-2022-20345 tracking number. Updates for Android 12 and 12L have patched it.
According to Google, an attacker can remotely execute arbitrary code via Bluetooth without additional execution privileges. There is no additional information regarding the vulnerability.
The remaining security flaws have been given a “high severity” classification. They affect parts from companies like Qualcomm, Imagination Technologies, MediaTek, Unisonic, and the Framework, Media Framework, System, and Kernel. Many of them have the potential to increase privileges or reveal information.
Google publishes two patch levels to give its partners the freedom to move swiftly to remedy a portion of vulnerabilities that are common to all devices. The security patch levels ‘2022-08-01’ and ‘2022-08-05’ contain fixes for these issues. The IT giant does, however, suggest that partners utilize the most recent security patch level and compile all patches into a single update.
Google fixed 40 security flaws in its Pixel devices, including four serious problems with remote code execution that directly affected the modem. Three flaws, which can result in privilege escalation or data leakage, are classified as “high severity,” while the remaining flaws are classified as “moderate severity.”
Additionally, Samsung has patched 20 vulnerabilities in its products and the vulnerabilities in Android in updates for its flagship phones.
Source : HackerCombat