On Monday, Google published its monthly security bulletin, releasing the latest available patches for Android devices. In this month’s update, a total of 37 vulnerabilities were patched. One of these patches is a critical security flaw that lies in the System component. If exploited by malicious actors, the flaw could lead to remote code execution via Bluetooth, with no additional execution privileges required. This vulnerability has now been patched on Android 10, 11, 12, and 12L and is tracked as CVE-2022-20345.
The remaining 36 flaws were assigned a high severity rating due to the possibility of exploitation leading to privilege escalation or information disclosure. According to Google, they impact components such as Framework, System, Kernel, Media Framework, Imagination, Technologies, Qualcomm, and Unisoc. Android users have been urged to fix all of the issues immediately and install the latest security update.