Google has recently rolled-out numerous Android updates for December. These even include patches for some critical vulnerabilities in Android. One of these, upon an exploit, could lead to permanent denial of service.
Reportedly, Google has fixed a critical security flaw affecting the latest Android devices with the December updates. A potential attacker could exploit this bug to create a persistent DoS state on the target device.
Mentioning about this vulnerability (CVE-2019-2232) in an advisory, Google stated,
Google deemed this bug as a critical severity flaw for all affected Android versions alike, i.e., Android 8.0, 8.1, 9.0, and 10.
In addition to the above, Google also rolled out fixes for two more serious security flaws affecting different Android versions. In case of an exploit, the flaws could allow an attacker to perform remote code execution on the target device.
These include CVE-2019-2222 and CVE-2019-2223 that received a critical severity rating in the case of Android 8.0, 8.1, and 9. Whereas, for Android 10, Google deemed the vulnerabilities as moderately severe.
Elaborating further on these flaws, the advisory reads,