Google released December patches for Android, which fixed dozens of vulnerabilities

Google released the December patches for Android and published another security bulletin listing the vulnerabilities fixed in the mobile OS. A dozen of them affect all Android devices, regardless of manufacturer.

The most serious problem, according to developers, is associated with an error in the code of the Framework component.

“The most severe of these issues is a critical security vulnerability in the Framework component that could enable a remote attacker using a specially crafted message to cause a permanent denial of service. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed,” the Google bulletin reports.

Two vulnerabilities in the Media Framework allow remote execution of malicious code with high privileges. The bugs are rated critical for Android versions 8.0, 8.1 and 9. Installing Android 10 can reduce the threat level to moderate in both cases.

Three critical vulnerabilities are also patched in Qualcomm Technologies’ closed-source components.

According to the description on the company’s website, all of them are caused by buffer overflow errors.

“Qualcomm chipset firmware identified another 19 problems; their degree of threat is slightly lower, but still high. It’s noteworthy that 12 dangerous bugs are tied to the WLAN module and allow attacks on Android devices via Wi-Fi,” the bulletin reports.

At the same time, an update for Pixel was released. It fixes all the new Android vulnerabilities, as well as eight security issues that are unique to devices manufactured by Google. Two additional bugs are present in the system components of Android 10; the rest are in the kernel components.

The System component problem that leads to the disclosure of confidential information is rated critical, and the one that allows privilege escalation is rated high. The kernel-level bugs are rated moderate.

According to Google, its partners were warned of the new Android problems at least a month before the release of the December security bulletin. The source code for the patches usually becomes available in the Android Open Source Project (AOSP) repository two days after the publication of the list of fixed vulnerabilities.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several months later I got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after graduating from school. This French educational institution was offering a brand-new cybersecurity course. After getting a master's degree in cybersecurity, I started working as a virus analyst at a little anti-malware vendor. In 2018, I decided to start the Virus Removal project. The main goal of this site is to help people deal with PC viruses of any kind.
