Google has released the March 2023 security updates for Android, fixing a total of 60 vulnerabilities, among them two critical-severity remote code execution (RCE) vulnerabilities affecting Android systems running versions 11, 12, and 13.

The flaws patched this time around are delivered via two separate security patch levels, namely 2023-03-01 and 2023-03-05. The first pack contains 31 fixes for major Android components such as Framework, System, and Google Play.

“The most serious of these issues is a critical security vulnerability in the system component that could lead to remote code execution without additional execution privileges required,” reads the security bulletin.

“User interaction is not required for operation.”

The two flaws are identified as CVE-2023-20951 and CVE-2023-20954. Google has withheld all information about them to prevent attackers from engaging in active exploitation before users can apply the available updates.

The remaining 29 fixes in the first patch level address high-severity privilege escalation, information disclosure, and denial of service issues.

Patch level 2023-03-05 contains 29 fixes for the Android kernel and third-party vendor components from MediaTek, Unisoc, and Qualcomm.

The most serious issues resolved this month are two critical-severity flaws on closed-source Qualcomm components, tracked as CVE-2022-33213 and CVE-2022-33256.

The other vulnerabilities in this patch level are all high-severity flaws of undefined type.

To update your Android device, go to Settings → System → System Update and tap the “Check for updates” button. Alternatively, you can navigate to Settings → Security & Privacy → Updates → Security Update.

If you are using Android 10 or earlier, your device has reached End of Life (EoL), as of September 2022 for v10, and it will not receive fixes for the above flaws.

However, some important security patches can reach them through Google Play system updates, which can be accessed through Settings → Security & Privacy → Updates → Google Play System Update.

Users of older devices that are still functional are advised to switch to an actively maintained third-party Android distribution, such as LineageOS or GrapheneOS, which offer up-to-date OS images for devices no longer supported by their OEMs.
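To check which of the two patch levels described above a device actually reports, the following added example (not part of the original article) parses `adb shell getprop` output and classifies the device. The property names `ro.build.version.release` and `ro.build.version.security_patch` are standard Android build properties not mentioned in the article, the sample input is constructed, and the script relies on the Android bulletin convention that the 2023-03-05 level includes every 2023-03-01 fix.

```shell
#!/bin/sh
# Constructed sample of `adb shell getprop` output (not captured from a real device).
SAMPLE_PROPS='[ro.build.version.release]: [12]
[ro.build.version.security_patch]: [2023-03-01]'

# Print the value of property $1 from getprop-style "[key]: [value]" lines on stdin.
prop_value() {
    key=$(printf '%s' "$1" | sed 's/\./\\./g')   # match dots in the key literally
    tr -d '\r' | sed -n "s/^\[$key\]: \[\(.*\)\]\$/\1/p" | head -n 1
}

# Read getprop output on stdin and print "<status>: <reason>" for the March 2023 bulletin.
classify_device() {
    props=$(cat)
    release=$(printf '%s\n' "$props" | prop_value ro.build.version.release)
    patch=$(printf '%s\n' "$props" | prop_value ro.build.version.security_patch)
    major=${release%%.*}                          # "8.1.0" -> "8"
    case "$major" in
        ''|*[!0-9]*) echo "unknown: Android release not reported"; return 0 ;;
    esac
    # Android 10 and earlier are end of life and receive none of these fixes.
    if [ "$major" -le 10 ]; then
        echo "eol: Android $release gets no fixes from this bulletin"; return 0
    fi
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unknown: security patch level not reported"; return 0 ;;
    esac
    level=$(printf '%s' "$patch" | sed 's/-//g')  # 2023-03-05 -> 20230305
    if [ "$level" -ge 20230305 ]; then
        echo "patched: $patch covers both March 2023 patch levels"
    elif [ "$level" -ge 20230301 ]; then
        echo "partial: $patch lacks the 2023-03-05 kernel and vendor fixes"
    else
        echo "missing: $patch predates the March 2023 fixes"
    fi
}

# Demo on the constructed sample; on a real device use: adb shell getprop | classify_device
printf '%s\n' "$SAMPLE_PROPS" | classify_device
```

A `partial` result means the Framework and System fixes are present while the kernel and MediaTek, Unisoc, and Qualcomm component fixes are still pending from the device vendor.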

