Android

Android Updates November 2022: Fixed 45 Vulnerabilities

The Google-published Android updates Security Bulletin for November 2022 has been made available. It contains fixes for 45 security flaws that affect devices running Android versions 10, 11, 12, and 13.

The Google Pixel series of handsets will be the first to receive the updates, but Samsung will also be prepared to deliver patches for some of its most recent models.

The Framework module contained the most serious vulnerability that was patched with the security update of the new Android Security Bulletin of November 2022. This vulnerability might locally escalate privileges without the requirement for extra execution privileges.

The two progressive patch levels for the Android security bulletin updates are 2022-11-01 security patch level and 2022-11-05 security patch level, as is customary.

The flaws in the initial security patch level

15 vulnerabilities were fixed with the first patch package included in the Android Security Bulletin of October 2022, known as 2022-11-01 security patch level, and were organised by the system component they affect. Two further Google Play System fixes are added to this, making a total of 17 issues resolved with the initial cumulative package of updates.

The first seven flaws that the Android Security Bulletin for November 2022 addressed were found in the Framework: The most serious violations in this area might result in local privilege escalation without the requirement for further execution privileges.

The following vulnerabilities have high severity indices and are all EoP (Elevation of Privilege) flaws: CVE-2022-2209, CVE-2022-20441, CVE-2022-20446, CVE-2022-20448, CVE-2022-20450, CVE-2022-20452, and CVE-2022-20457.

Another vulnerability, which is a Denial of Service (DoS) type with a high severity rating, was discovered in Multiple components and tracked as CVE-2022-20426. It could be abused without requiring additional execution privileges to cause a local denial of service.

In the form System, nine additional vulnerabilities were found and fixed. The most serious could result in local privilege escalation without the requirement for more execution privileges.

Five of the vulnerabilities in this section are of the EoP (Elevation of Privilege) type, two are of the ID (Information Disclosure) kind, and two are of the DoS (Denial of Service) type. All of the vulnerabilities are rated with a high severity index.

Two fixes for the Google Play System are also included in the first cumulative patch package; they are identified as CVE-2022-2209 and CVE-2022-20463, respectively, and they have an impact on the WiFi module and the Media Framework components.

The second security patch level’s weaknesses

There are no changes for internal Google operating system components in the second cumulative package of the Android Security Bulletin for November 2022, known as 2022-11-05 security patch level.

The patches now available are for Imagination Technologies, MediaTek, Unisoc, and Qualcomm third-party components. The relevant component makers immediately disclose the technical information and the severity evaluation of these vulnerabilities in the associated security bulletins.

How to update Android devices

A month before the issuance of the security advisory, Google already made all of the Android security updates available to its partners by posting them to the Android Open Source Project (AOSP) repository.

There are currently no reports of any new vulnerabilities being used in actual attacks. This does not imply that you should install every update right away. Depending on the device, some or all updates may be automatically deployed through Google Play services, while others may be given to you in the form of an update by the operator or device maker and may not be required.

Android updates may never be released for less expensive and outdated devices.

It is always advisable to install a solid security solution that can ensure a high level of protection for data and sensitive information stored in memory, especially when the devices are used in a business and production environment.

It would be even better if this security solution were integrated into any client mobile device management for the remote and centralised control of devices used for smart working.

How long do you receive Android updates

According to Google’s update policies, security updates will be guaranteed for three years from release in the US version of the Google Store, and devices must receive updates for the version of Android installed for at least three years following the date of launch on the Google Store.

In terms of delivery timing, Google indicates on the support site that upgrades for devices bought directly from the Google Store will arrive in a matter of weeks, however updates for devices bought from third-party sellers may take longer.

Conclusion

The November 2022 edition of the Android Security Bulletin from Google is now accessible. 45 security issues that affect smartphones running Android versions 10, 11, 12, and 13 are fixed. The worst offences here might lead to local privilege escalation without the need for further execution privileges. The first cumulative patch package of the Android Security Bulletin for November 2022, also known as 2022-11-05 security patch level, provides patches for vulnerabilities in the Google Play System. The third-party components from Imagination Technologies, MediaTek, Unisoc, and Qualcomm are now covered by the fixes. While devices purchased through third-party sellers may not receive security upgrades for a longer length of time, devices purchased directly from the Google Store will receive security updates for at least three years.

Is updating Android security patch necessary?

A security patch update’s goal is to close any security gaps left by a significant software update or initial programme download. This means that with each security patch update, the developer gets told that hundreds of victims have been hacked as a result of that hole or vulnerability.

What is the most recent Android security update?

The Pixel 4 series, Pixel 4a series, Pixel 5, Pixel 5a, Pixel 6 series, and Pixel 6a have all progressively begun receiving the October 2022 security update. The most recent release’s build number is TP1A. 221005.002 (TP1A. 221005.003 for the Pixel 6a).

What is secure update?

If a software update system promptly learns about the most recent updates, we can consider it “secure.” It checks files before downloading them to ensure that they are accurate, and neither process causes any damage.

Always be updated with computer tips, mobile tips, How to fix, tech reviews, and tech news on Rowdytech, or subscribe to the YouTube channel.

Related Articles

5 1 vote
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Back to top button
0
Would love your thoughts, please comment.x
()
x