has released its two security bulletins for the current patchday. The company closes 52 security holes in December. Seven vulnerabilities are classified as critical. They may allow malicious code to be injected remotely, for example using a specially crafted app, and take control of an unpatched smartphone.
The Android Security Bulletin for December contains details on 44 vulnerabilities. Users who receive updates with the 1st December security patch level are protected, among others, from attacks on critical vulnerabilities in the Android Framework and the Media Framework. They affect the Android versions 8.0, 8.1, 9 and 10. The developers also correct security bugs in the Android system and in Google Play. They can also be exploited for denial of service attacks, unauthorized extension of user rights and information theft.
The second part of the December update also fills holes in the framework and system, as well as in Qualcomm’s kernel components and components. Among others, the TCP stack, Qualcomm WLAN chips, the USB midi-class driver and the Prism54 WLAN USB driver are vulnerable.
The Pixel bulletin lists only eight vulnerabilities, including a critical vulnerability in the Android system that reveals sensitive information on Android 10. However, the Pixel devices receive several bug fixes that Google describes in the Pixel Community Forum. Improvements are mainly available for the Google Pixel 4 and 4XL. They affect functions such as Bluetooth, audio and system UI. A patch should also eliminate a screen flicker in various situations.
, however, put on another early start and began even before Google with the distribution of the December update to several devices, including Galaxy Note 10 and Note 9 . As of the weekend available Android 10 update for the Galaxy S10, S10 + and S10e also raises the devices on the security patch level December 1.
With it, the Korean company closes 38 vulnerabilities in Android. In addition, Samsung reports six vulnerabilities in its own software, including two bugs that reveal personal information about blocked devices.
LG also has 38 patched vulnerabilities in December. Of these, eight are rated as critical. They occur on Android 8.x Nougat and 9 Pie.
Security updates are also quickly available from other manufacturers, including Nokia, OnePlus, Huawei, Xiaomi, Motorola, and Blackberry. The delivery usually takes place over-the-air via the Android-integrated update function. However, depending on your country and mobile service provider, provisioning may be delayed. In addition, almost all manufacturers limit at least the regular supply of patches on current and high-priced devices.