Google kills "critical" Android vulnerability with December security update

0comments
Google kills "critical" Android vulnerability with December security update
It looks like Google is back to releasing its monthly updates on the first Monday of every month. The November Android security update was released on the first Monday of November and today the December security update was released on the first Monday of December. Whether Google remains committed to the schedule is unknown but we can tell you that today's release did not include an update for the Pixel phones.

Before we start screaming at the top of our computer QWERTY keys about how Google screwed up again, there actually is a good reason why the Pixel update was not released today. That's because  the December Pixel update will be a Quarterly Platform Release aka the Pixel Feature Drop and Google would prefer to make a big deal about it by releasing it all by its self. 

The update will have many new features for eligible Pixel handsets. One feature coming for the Pixel 8 Pro is Video Boost which takes video recorded by the phone, makes two copies, and sends one through the cloud to Google where the latter's computational photography capabilities "boost" it. When the video is ready, you get a notification and it is sent to your Google Photo library.


Today's security update includes a patch for CVE-2023-40088, one of 85 vulnerabilities patched with today's update. Listed under the System heading of flaws fixed by the update (there were 16 System vulnerabilities listed), this particular vulnerability is listed as an RCE or Remote code execution, and it could have be used by attackers to place their own code into the system of a target phone without the phone user's knowledge or permission. It is unknown whether this vulnerability was exploited in the past.

Google mentioned this particular flaw in the Android Security Bulletin as it wrote, "The most severe of these issues is a critical security vulnerability in the System component that could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation," Google classified this vulnerability as "critical."

If you're waiting for the Pixel December Feature Drop to, well, drop, keep checking in with us as it could happen at any time.

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless