Google released December 2019 security updates for its Android mobile OS that addressed several flaws, including a critical vulnerability, tracked as CVE-2019-2232, that could result in a permanent denial of service (DoS).
Google addressed more than 40 vulnerabilities, including 17 as part of the 2019-12-01 security patch level, and 27 more in the 2019-12-05 security patch level.
The 2019-12-01 security patch level addressed six issues that reside in the Framework, two in the Media framework, seven in the System, and two in the Google Play system updates.
The critical CVE-2019-2232
“The most severe vulnerability in this section could enable a remote attacker using a specially crafted message to cause a permanent denial of service.” reads the security advisory published by Google.
Google also addressed other 5 issues in the Framework, three high-severity elevation of privilege flaws (CVE-2019-9464, CVE-2019-2217, CVE-2019-2218), one high-risk information disclosure (CVE-2019-2220), and one medium-severity elevation of privilege bug
The vulnerabilities patched in System are high severity issues that include a remote code execution, an elevation of privilege, and five information disclosure weaknesses.
The flaws addressed in the Media framework are RCE flaws rated as moderate severity, they impact Android 10.
The 2019-12-05 security patch level addresses one high-severity information disclosure issue in Framework and one in the System. It also fixes three high-risk elevation of privilege issues in Kernel and twelve high-severity vulnerabilities in Qualcomm components.
Moreover, it also brings patches for a total of ten flaws in Qualcomm closed-source components, three of which are considered critical, and seven rated high risk.
Google also addressed a collection of security vulnerabilities on Pixel devices only.
“For Google devices, security patch levels of 2019-12-05 or later address all issues in this bulletin and all issues in the December 2019 Android Security Bulletin.”
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.