Google has started the rollout of the latest security patch for Android devices this month. In the December update, the company addressed 85 vulnerabilities, among which one was very critical named (CVE-2023-40088). Notably, Google identified 16 system vulnerabilities, including the critical flaw, categorized as an RCE (Remote Code Execution).
This type of vulnerability could potentially allow attackers to place their own code into a target phone’s system without the user’s awareness or consent. While there’s no indication whether this flaw was previously exploited, Google asserts that it has been rectified, urging Android users to promptly install the update.
Google mentioned this flaw in the Android Security Bulletin and wrote “The most severe of these issues is a critical security vulnerability in the System component that could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation,” Google classified this vulnerability as “critical.” The company also noted that the flaw was affecting multiple Android versions. The versions included Android 11, 12, 12L, 13 and 14.
Notably Google didn’t release the Pixel update along with the December security patch. The reason being December Pixel update will be a Quarterly Platform Release (also known as the Pixel Feature Drop) and to show its importance Google may release it separately.
The upcoming update is expected to introduce multiple new features for eligible Pixel models. One of the key features coming for the Pixel 8 Pro is the Video Boost. This feature will take the recorded videos from the phone, make two copies of it, and then send one through the cloud to Google. The company’s computational photography capabilities “boost” this video and send it back to the users. When the video is ready, the users will get a notification and then it’ll be will be added to their Google Photo library.