Google patched nearly 100 Android security issues in December 2023
New Delhi: Google has fixed nearly 100 Android security issues in the month of December last year, which includes patches for two critical issues in the Framework, the most severe of which could lead to remote escalation of privileges with no additional privileges needed.
"User interaction is not needed for exploitation. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed," Google said.
The CVE-2023-40088 flaw could lead to remote code execution, while the CVE-2023-40078 is an elevation of privilege flaw with a high impact rating, reports Wired.
Google has also released an update for its WearOS platform, which fixes CVE-2023-40094, an elevation of privilege bug.
Meanwhile, Microsoft’s December Patch fixed more than 30 vulnerabilities, including several remote code execution (RCE) flaws.
Among the major fixes was CVE-2023-36019, a spoofing vulnerability in Microsoft Power Platform Connector with a CVSS score of 9.6. An attacker could use a malicious link, software, or file to fool the victim.
In December, Apple released iOS 17.2 -- a significant upgrade that included various features such as the Journal app, along with 12 security patches. One of the issues addressed in iOS 17.2 was CVE-2023-42890, a vulnerability in the WebKit browser engine that could enable an attacker to execute code.
In addition, Apple has identified a flaw in the iPhone's Kernel that could allow an app to break out of its secure sandbox, the tech giant wrote on its support page.