December Android updates fix critical zero-click RCE flaw

Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution bug.
"The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation," the advisory explains.
An additional 84 security vulnerabilities were patched this month, with three of them critical severity privilege escalation and information disclosure bugs in Android Framework and System components.
Two months ago, in October, Google also patched two security flaws that were exploited as zero-days, the former in the libwebp open-source library and the latter affecting multiple Arm Mali GPU driver versions used in a broad range of Android device models.
The September Android security updates addressed another actively exploited zero-day in the Android Framework component that allowed attackers to escalate privileges without requiring additional execution privileges or user interaction.
As usual, Google released two patch sets with the December security updates, identified as the 2023-12-01 and 2023-12-05 security levels.