Introduction:
Google has published the Android Security Bulletin for December 2023, which describes security fixes for vulnerabilities affecting Android devices. Google notifies its partners of these issues about one month before public release, and the corresponding fixes are placed in the Android Open Source Project (AOSP) repository within 48 hours.
Critical System Vulnerability: CVE-2023-40088
The most serious issue addressed in the December Android security patches is a critical system vulnerability, CVE-2023-40088, that could lead to remote code execution. Importantly, exploitation does not require any user action or privileges. The critical rating is based on the effect exploitation may have on an affected device, assuming Android platform and Google service mitigations are turned off for development purposes or successfully bypassed. Whether this vulnerability has been exploited is still unknown.
Identified Critical System Vulnerabilities and Updates:
The critical system vulnerabilities addressed in the December 1st and 5th Android patches are identified by the following CVE codes:
CVE-2023-40088 (RCE):
Android 11 through 14 on AOSP.
CVE-2023-45866 (EoP):
Google has patched AOSP versions 11, 12, 12L, 13, and 14.
System Vulnerability Overview:
In total, considering the patches from December 1st and 5th, the following system vulnerabilities are resolved:
Critical Vulnerabilities:
2 vulnerabilities (as mentioned above).
High-Risk Vulnerabilities:
15 vulnerabilities.
Security Recommendation:
It is highly recommended that you regularly update your smartphone to the latest available version. Updates are not just functional or user-interface upgrades from the manufacturer; they also maintain the security of the smartphone. Staying protected requires installing updates on time.
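For anyone responsible for more than one device, the recommendation above becomes a triage of the reported security patch level against the two December dates. The following is an added example, not code from Google or the bulletin: it assumes a constructed inventory of `serial release patch_level` lines, where the patch level is the value of the `ro.build.version.security_patch` property and 12L devices are recorded as `12L`.

```python
from datetime import date

# The page's "December 1st and 5th" patches, expressed as patch-level dates.
PARTIAL_LEVEL = date(2023, 12, 1)
FULL_LEVEL = date(2023, 12, 5)
# AOSP releases the page lists as patched.
PATCHED_RELEASES = {"11", "12", "12L", "13", "14"}


def classify(release, patch_level):
    """Return a triage label for one device.

    release     -- Android release as recorded in the inventory (assumption)
    patch_level -- ro.build.version.security_patch value, "YYYY-MM-DD"
    """
    try:
        level = date.fromisoformat(patch_level.strip())
    except ValueError:
        return "unknown"         # missing or malformed value: inspect by hand
    if release.strip() not in PATCHED_RELEASES:
        return "no-listed-fix"   # release outside the versions named on the page
    if level >= FULL_LEVEL:
        return "patched"
    if level >= PARTIAL_LEVEL:
        return "partial"         # has the December 1st set, lacks the 5th
    return "needs-update"


def triage(inventory):
    """Group 'serial release patch_level' lines by triage label."""
    report = {}
    for line in inventory.strip().splitlines():
        fields = line.split()
        if len(fields) != 3:
            report.setdefault("unknown", []).append(line.strip())
            continue
        serial, release, patch_level = fields
        report.setdefault(classify(release, patch_level), []).append(serial)
    return report


# Constructed sample inventory (not real devices).
SAMPLE = """
dev-a 14 2023-12-05
dev-b 13 2023-12-01
dev-c 12L 2023-11-05
dev-d 10 2023-02-05
dev-e 13 unknown
"""

if __name__ == "__main__":
    for label, serials in sorted(triage(SAMPLE).items()):
        print(label, serials)
```

Devices labelled `no-listed-fix` run a release outside the versions listed above, so updating the patch level alone does not address them.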