New Update Android Security Updates for March 2023 - Two critical code execution flaws fixed

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520


Google has released March 2023 security updates for Android, fixing a total of 60 flaws, and among them, two critical-severity remote code execution (RCE) vulnerabilities impacting Android Systems running versions 11, 12, and 13.

The flaws fixed this time are delivered via two separate security patch levels, namely 2023-03-01 and 2023-03-05. The first pack contains 31 fixes for core Android components like Framework, System, and Google Play.
“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed,” reads the security bulletin.


“User interaction is not needed for exploitation.” The two flaws are tracked as CVE-2023-20951 and CVE-2023-20954, while Google has withheld all information about them to prevent helping attackers from engaging in active exploitation before users can apply the available updates.

The remaining 29 fixes on the first patch level concern high-severity escalation of privilege, information disclosure, and denial of service problems.
 

Sammo

Level 8
Verified
Well-known
Jan 27, 2012
371
Still waiting for the update on my Pixel. Was supposed to be released Monday
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top