Android Vulnerabilities July 2022

Google has released several updates for Android: this month's cumulative update package fixes 29 vulnerabilities identified in the various software components of its mobile operating system.

The most serious of the vulnerabilities fixed this month was identified in the System module and could lead to remote code execution without the need for additional execution privileges.

At the moment, there are no reports of any exploitation of the new vulnerabilities in actual attacks.
All updates should be installed as soon as possible. Some, depending on the device, may be applied automatically through Google Play services. Others may be sent to the user in the form of an update from the device operator or manufacturer, and some may not be necessary.

Google’s update policies require that devices receive updates for their installed version of Android for at least three years from the date of introduction in the Google Store, while security updates will be guaranteed for three years from the date of introduction in the U.S. version of the Google Store.

List of Vulnerabilities

The most serious vulnerability in this section could lead to remote code execution without the need for additional execution privileges.

Nine vulnerabilities were identified in the System module: CVE-2022-20222, CVE-2022-20229, CVE-2021-0981, CVE-2022-20223, CVE-2022-20226, CVE-2022-20221, CVE-2022-20224, CVE-2022-20225, and CVE-2022-20230.

Three vulnerabilities in Unisoc chips were also fixed with the second cumulative package of updates in the July 2022 Android Security Bulletin: CVE-2022-20216, CVE-2022-20217, CVE-2022-20236, and CVE-2022-20238, all of which were rated with a high severity index.

Finally, the July 2022 Android Security Bulletin fixes two vulnerabilities in Qualcomm chips (CVE-2022-22096 and CVE-2022-22058) and three in closed-source components of the same chips (CVE-2022-25657, CVE-2022-25658, and CVE-2022-25659).