This week, Google engineers released December updates for Android, eliminating more than 40 vulnerabilities in total. So, 17 problems were fixed at the security level 2019-12-01 and another 27 at the security level 2019-12-05.
Of the seventeen problems fixed at security level 2019-12-01, six affected the Framework (privilege escalation and information disclosure), two were discovered as part of the Media framework (remote code execution), and seven were related to System (remote code execution, privilege escalation) and disclosures). In addition, two vulnerabilities were fixed in the Google Play updater.
The most serious of these vulnerabilities was named CVE-2019-2232: a critical DoS error that affected the Framework component in Android 8.0, 8.1, 9, and 10. The vulnerability could be exploited by a remote attacker to provoke a constant denial of service, and for this it’s enough was to send a specially created message to the victim, explain Google experts
Security level 2019-12-05 includes fixes for disclosure errors in the Framework and System, three privilege escalation issues in kernel components, and twelve other high-risk vulnerabilities in Qualcomm components. In addition, it also contains fixes for ten issues in Qualcomm's closed-source components, three of which are considered critical and seven are high-risk.
In addition to the vulnerabilities fixed in Android, in December 2019, Google also fixed a number of mistakesmanifest exclusively on Pixel devices.