In its Android Security Bulletin for December, Google is pushing an especially large number of updates to address vulnerabilities across different components—and two of the flaws may have been exploited in the wild.

The December patch covers 107 bugs across Android Kernel, System, and Framework as well as Qualcomm, MediaTek, Arm, Unisoc, and Imagination Technologies components. The high-severity vulnerabilities include denial of service, elevation of privilege, and information disclosure flaws. There are also a handful of bugs labeled as "critical."

Two active exploits

Two of the vulnerabilities addressed in the December update are zero-days, which are flaws that have been actively exploited or publicly disclosed before the developer makes a patch available. Google notes that both may b

See Full Page