Google Fixed Two Critical Vulnerabilities With Android March 2023

Google has recently rolled out the scheduled Android security update for March 2023, fixing numerous security vulnerabilities. Two of these patches address critical code execution bugs that affected multiple Android versions. Users must update their devices as soon as they receive the update to stay protected.

Android March Update Fixes Multiple Vulnerabilities

The tech giant Google has rolled out monthly security updates for its Android users. With the March 2023 update, Google has fixed multiple vulnerabilities in different Android versions, releasing the updates in two installments.

The first installment, dated March 1, 2023, addressed vulnerabilities in the following components.

  • Framework: Received patches for 8 privilege escalation vulnerabilities, 2 information disclosure issues, and 1 denial of service flaw. All of these vulnerabilities attained a high-severity rating.
  • System: Includes fixes for 2 critical severity remote code execution vulnerabilities – CVE-2023-20951 and CVE-2023-20954. These flaws affected Android 11, 12, 12L, and 13, letting an adversary exploit the flaw with no user interaction. Besides, Google also fixed 9 high-severity privilege escalation vulnerabilities, 5 information disclosure issues, and 2 DoS flaws.
  • Google Play: The patches address CVE-2023-20956 (for Media Codecs), CVE-2023-20947 (Permission Controller), CVE-2023-20929 (Tethering), and CVE-2022-20499 and CVE-2023-20910 (WiFi).

Following this release, Google released another update installment on March 5, 2023. It includes an important Kernel patch for a high-severity privilege escalation vulnerability (CVE-2021-33655) in Frame Buffer. Besides, the update also includes security fixes for MediaTek, Unisoc, and Qualcomm components, for which the vendors have also released details directly.

While Google has rolled out these updates already, not all Android users will receive the patches simultaneously. That’s because the relevant Android device vendors have their own schedules for releasing updates.

Hence, users must stay vigilant about updating their devices as soon as they receive the relevant prompt. Users may also manually check for any updates for their devices via the “Settings” menu.

However, the devices must be running Android 11 or higher since the older Android versions have reached their scheduled End-of-Life (EoL).
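For checking devices against the two installments described above, the following is an added example, not part of the original article. It assumes the installments correspond to the security patch level strings `2023-03-01` and `2023-03-05`, that the inputs come from the standard Android properties `ro.build.version.release` and `ro.build.version.security_patch`, and it uses a constructed sample inventory with hypothetical device names and status labels.

```shell
#!/bin/sh
# Added example (not from the article): classify a device against the two
# March 2023 patch levels. On a real device the two inputs come from:
#   adb shell getprop ro.build.version.release
#   adb shell getprop ro.build.version.security_patch

classify_patch_level() {
    release=$1
    patch=$2
    major=${release%%.*}                 # "8.1.0" -> "8", "13" -> "13"
    case $major in
        ''|*[!0-9]*) echo "unknown-release"; return 0 ;;
    esac
    # Per the article, only Android 11 and higher receive these fixes.
    if [ "$major" -lt 11 ]; then
        echo "eol-no-fix"; return 0
    fi
    # Reject anything that is not a YYYY-MM-DD patch level string.
    case $patch in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unknown-patch-level"; return 0 ;;
    esac
    y=${patch%%-*}; rest=${patch#*-}; m=${rest%%-*}; d=${rest#*-}
    level=$y$m$d                         # "2023-03-05" -> 20230305
    if [ "$level" -ge 20230305 ]; then
        echo "both-installments"         # framework/system plus kernel/vendor fixes
    elif [ "$level" -ge 20230301 ]; then
        echo "first-installment-only"    # kernel and vendor component fixes missing
    else
        echo "unpatched"
    fi
}

# Constructed sample inventory: name, Android release, security patch level.
demo() {
    while read -r name rel lvl; do
        printf '%s\t%s\n' "$name" "$(classify_patch_level "$rel" "$lvl")"
    done <<'EOF'
pixel-a 13 2023-03-05
tablet-b 12 2023-03-01
phone-c 11 2023-02-05
old-d 10 2023-02-05
EOF
}
demo
```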
