Jump to content
  • Android March 2023 update fixes two critical code execution flaws

    alf9872000

    • 381 views
    • 2 minutes
     Share


    • 381 views
    • 2 minutes

    Google has released March 2023 security updates for Android, fixing a total of 60 flaws, and among them, two critical-severity remote code execution (RCE) vulnerabilities impacting Android Systems running versions 11, 12, and 13.

     

    The flaws fixed this time are delivered via two separate security patch levels, namely 2023-03-01 and 2023-03-05. The first pack contains 31 fixes for core Android components like Framework, System, and Google Play.

     

    “The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed,” reads the security bulletin.

     

    “User interaction is not needed for exploitation.”

     

    The two flaws are tracked as CVE-2023-20951 and CVE-2023-20954, while Google has withheld all information about them to prevent helping attackers from engaging in active exploitation before users can apply the available updates.

     

    The remaining 29 fixes on the first patch level concern high-severity escalation of privilege, information disclosure, and denial of service problems.

     

    Patch level 2023-03-05 contains 29 fixes for the Android Kernel and third-party vendor components from MediaTek, Unisoc, and Qualcomm.

     

    The most severe issues fixed this month are two critical-severity flaws on closed-source Qualcomm components, tracked as CVE-2022-33213 and CVE-2022-33256.

     

    The rest of the flaws for this patch level are all high-severity vulnerabilities of undefined type.

     

    To update your Android device, head to Settings → System → System Update and click on the “Check for updates” button. Alternatively, you can navigate to Settings → Security&Privacy → Updates → Security update.

     

    If you’re running Android 10 or older, your device has reached the end of life (EoL) since September 2022 (for v10), and it will not receive fixes for the above flaws.

     

    However, some important security fixes may reach them via Google Play system updates, accessible through Settings → Security & privacy → Updates → Google Play system update.

     

    Users of older devices that are still functional are recommended to switch to an active third-party Android distribution, like LineageOS or GrapheneOS, that offers up-to-date OS images for devices no longer supported by their OEMs.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...