Google Fixes Critical Vulnerabilities Affecting Android Devices

The vulnerability affects various Android variants.

Earlier this week, Google announced that the new Android patches fix a total of 40 vulnerabilities, various of which are rated "critical." The most critical vulnerabilities addressed in the June 2022 security updates, according to Google, affect the System component and could cause remote code execution (RCE). Known as CVE-2022-20127, the flaw affects Android versions 10, 11, 12, and 12L. According to Google's advisory, the most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed.

"Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device/partner security bulletins are not required for declaring a security patch level," says Google's advisory. Besides this, two more critical-severity vulnerabilities were patched with the Android updates; both could lead to elevation of privilege.

Known as CVE-2022-20140, the first vulnerability affects Android 12 and Android 12L. The second vulnerability, CVE-2022-20145, affects Android 11. Another critical-severity flaw fixed in Android in June was discovered in the Media framework.

Known as CVE-2022-20130, it might cause RCE on systems running Android 10 and later. These four vulnerabilities were patched as part of the 2022-06-01 security patch level, which also includes 5 security flaws in Framework and 13 more vulnerabilities in the device component; all of these bugs are rated "high severity."

Successful exploitation of these issues may lead to information disclosure, elevation of privilege, or denial of service (DoS). "Android partners are notified of all issues at least a month before publication. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours. We will revise this bulletin with the AOSP links when they are available," says Google's advisory.
