- Feb 4, 2016
- 2,520
Android March 2023 update fixes two critical code execution flaws
Google has released March 2023 security updates for Android, fixing a total of 60 flaws, and among them, two critical-severity remote code execution (RCE) vulnerabilities impacting Android Systems running versions 11, 12, and 13.
www.bleepingcomputer.com
Google has released March 2023 security updates for Android, fixing a total of 60 flaws, and among them, two critical-severity remote code execution (RCE) vulnerabilities impacting Android Systems running versions 11, 12, and 13.
The flaws fixed this time are delivered via two separate security patch levels, namely 2023-03-01 and 2023-03-05. The first pack contains 31 fixes for core Android components like Framework, System, and Google Play.
“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed,” reads the security bulletin.
“User interaction is not needed for exploitation.” The two flaws are tracked as CVE-2023-20951 and CVE-2023-20954, while Google has withheld all information about them to prevent helping attackers from engaging in active exploitation before users can apply the available updates.
The remaining 29 fixes on the first patch level concern high-severity escalation of privilege, information disclosure, and denial of service problems.