Google on Monday announced that the December 2023 Android security updates deliver patches for 94 vulnerabilities.
The first part of the updates - the 2023-12-01 security patch level - resolves 33 vulnerabilities in Android's Framework and System components.
Three of these are rated 'critical severity'.
Tracked as CVE-2023-40088, the RCE flaw impacts Android 11, 12, 12L, 13, and 14 and does not require user interaction for successful exploitation, the internet giant explains.
The latest Android update resolves 15 other issues in the System component, namely 10 elevation of privilege issues and five information disclosure bugs.
The update also patches 17 vulnerabilities in the Framework component, including two critical bugs leading to elevation of privilege and information disclosure.
A total of 61 issues were resolved with the second part of this month's Android updates - the 2023-12-05 security patch level -, including two critical-severity flaws.
The 2023-12-05 security patch level resolves all 61 issues and the vulnerabilities addressed as part of the 2023-12-01 security patch level.
On Monday, Google also announced that patches for an elevation of privilege vulnerability were included in the December 2023 Wear OS security update.
No CVE is mentioned in the December 2023 Android Automotive security bulletin.
The company has yet to publish a security bulletin describing this month's updates for Pixel devices.
Google makes no mention of any of the vulnerabilities addressed this month being exploited in the wild.
This Cyber News was published on www.securityweek.com. Publication date: Tue, 05 Dec 2023 13:13:05 +0000