Security News > 2023 > December > December Android updates fix critical zero-click RCE flaw
Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution bug.
"The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation," the advisory explains.
An additional 84 security vulnerabilities were patched this month, with three of them critical severity privilege escalation and information disclosure bugs in Android Framework and System components.
Two months ago, in October, Google also patched two security flaws that were exploited as zero-days, the former in the libwebp open-source library and the latter affecting multiple Arm Mali GPU driver versions used in a broad range of Android device models.
The September Android security updates addressed another actively exploited zero-day in the Android Framework component that allowed attackers to escalate privileges without requiring additional execution privileges or user interaction.
As usual, Google released two patch sets with the December security updates month, identified as the 2023-12-01 and 2023-12-05 security levels.
News URL
Related news
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- Apache issues patches for critical Struts 2 RCE bug (source)
- Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation (source)
- Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)