From www.tomsguide.com

Android malware botnet attack

(Image credit: Shutterstock)

A total of 60 different flaws including two critical remote code execution vulnerabilities have been patched with the release of Google’s March 2023 Android security updates.

As reported by BleepingComputer (opens in new tab), these flaws impact the best Android phones running Android 11, Android 12 and Android 13. However, this time, the latest fixes from Google are being delivered via two separate security patch levels: 2023–03-01 and 2023-03-05.

While the first pack contains 31 fixes for core Android components like Framework, System and Google Play, the second pack has 29 fixes for the Android Kernel as well as for third-party vendor components from Qualcomm, MediaTex and Unisoc.

Android users will want to download and install these security updates as soon as they become available since the two critical remote code execution flaws can be exploited with no user interaction whatsoever.

Critical remote code execution flaws

An image of a Google Android robot

(Image credit: Shutterstock)

In a security bulletin (opens in new tab) for its March 2023 Android security updates, Google explains that of the issues patched, the most severe is a “critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed”.

The two critical flaws are tracked as CVE-2023-20951 and CVE-2023-20954. However, the search giant has included any additional information about them in an effort to prevent hackers from exploiting them before Android users can apply its new updates.

When it comes to third-party vendors, there are also two critical-severity flaws that affect Qualcomm components and are tracked as CVE-2022-33213 and CVE 2022-33256.

So far we haven’t heard anything about these flaws being actively exploited in the wild but hackers could be developing exploits for them right now which is why keeping your Android smartphone up to date is so important.

How to update your Android smartphone

A hand holding a phone securely logging in

(Image credit: Google)

To check to see if these new security updates are available for your Android smartphone, you first need to head to Settings, then System and tap on System Update before clicking on the “Check for updates” button. Likewise, you can also go to Settings, then to Security & Privacy, tap on Updates and then Security update.

Unfortunately, devices running Android 10 or lower won’t receive these patches as they reached their end of life (EoL) last September. Still though, some important security fixes may be available as Google Play system updates which you can access from the Settings menu by going to Security & Privacy, Updates and then Google Play system update.

If you have an older Android phone that still works well but is no longer receiving security updates, you may want to look into installing a custom rom like LineageOS or GrapheneOS since they both offer up-to-date operating system images for devices that are no longer supported by their manufacturers. However, if installing a custom rom seems like a daunting task, it may just be time to upgrade to a new device.

As for staying safe from mobile threats, you should ensure that Google Play Protect is enabled on your smartphone, though you can also install one of the best Android antivirus apps for additional protection.

We’ll likely hear more from Google about these two critical remote code execution flaws once enough users have installed the latest Android security updates.

More from Tom’s Guide

Get instant access to breaking news, the hottest reviews, great deals and helpful tips.

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

The post Google’s March Android update patches two critical flaws — download it right now first appeared on www.tomsguide.com

New reasons to get excited everyday.



Get the latest tech news delivered right in your mailbox


Google’s March Android update patches two critical flaws — download it right nowGoogle’s March Android update patches two critical flaws — download it right now

You may also like

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments