Updates for these vulnerabilities and more are included in Google’s Android security bulletin for December. In total, there are patches for 94 vulnerabilities, including five rated as “Critical.”
The most severe of these flaws is a vulnerability in the System component that could lead to remote code execution (RCE) without any additional execution privileges required. User interaction is not needed for exploitation.