The vulnerability was fixed in updates for Android 12 and 12L.
A critical vulnerability in the Android OS, tracked as CVE-2022-20345 , could be used to remotely execute arbitrary code via Bluetooth. Moreover, an attacker does not need to obtain additional rights to remotely execute code using the identified security hole.
Google reported on it in its latest security bulletin, but did not disclose further technical details. We only know that the vulnerability affected the System.
In addition to CVE-2022-20345, the company has fixed about 30 other vulnerabilities in a series of patches that have received a high degree of risk. They affect Framework, Media Framework, System, Kernel, Imagination Technologies, MediaTek, Unisoc, and Qualcomm components.
Google has not bypassed its smartphones either – 40 vulnerabilities have been fixed in Google Pixel, including 4 critical vulnerabilities that allow attackers to remotely execute arbitrary code.