This week, Google engineers released December updates for Android, eliminating more than 40 vulnerabilities in total. So, 17 problems were fixed at the security level 2019-12-01 and another 27 at the security level 2019-12-05.
Of the seventeen problems fixed at security level 2019-12-01, six affected the Framework (privilege escalation and information disclosure), two were discovered as part of the Media framework (remote code execution), and seven were related to System (remote code execution, privilege escalation) and disclosures). In addition, two vulnerabilities were fixed in the Google Play updater.
The most serious of these vulnerabilities was named CVE-2019-2232: a critical DoS error that affected the Framework component in Android 8.0, 8.1, 9, and 10. The vulnerability could be exploited by a remote attacker to provoke a permanent denial of service, and for this it’s enough was to send the victim a specially crafted message, explain Google experts.
Security level 2019-12-05 includes bug fixes for disclosing information in the Framework and System, three privilege escalation issues in kernel components, and twelve other high-risk vulnerabilities in Qualcomm components. In addition, it also contains fixes for ten issues in Qualcomm’s closed-source components, three of which are considered critical and seven are high-risk.
In addition to vulnerabilities fixed in Android, in December 2019, Google also fixed a number of errors that appeared exclusively on Pixel devices.