A total of 60 different flaws, including two critical remote code execution vulnerabilities, have been patched with the release of Google’s March 2023 Android security updates.
As reported by BleepingComputer, these flaws impact the best Android phones running Android 11, Android 12 and Android 13. However, this time, the latest fixes from Google are being delivered via two separate security patch levels: 2023-03-01 and 2023-03-05.
The first pack contains 31 fixes for core Android components like Framework, System and Google Play. The second pack has 29 fixes for the Android Kernel as well as for third-party vendor components from Qualcomm, MediaTek and Unisoc.
Android users will want to download and install these security updates as soon as they become available since the two critical remote code execution flaws can be exploited with no user interaction whatsoever.
Critical remote code execution flaws
In a security bulletin for its March 2023 Android security updates, Google explains that of the issues patched, the most severe is a “critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed”.
The two critical flaws are tracked as CVE-2023-20951 and CVE-2023-20954. However, the search giant has not included any additional information about them in an effort to prevent hackers from exploiting them before Android users can apply its new updates.
When it comes to third-party vendors, there are also two critical-severity flaws that affect Qualcomm components and are tracked as CVE-2022-33213 and CVE-2022-33256.
So far we haven’t heard anything about these flaws being actively exploited in the wild, but hackers could be developing exploits for them right now, which is why keeping your Android smartphone up to date is so important.
How to update your Android smartphone
To see whether these new security updates are available for your Android smartphone, you first need to head to Settings, then System and tap on System Update before clicking on the “Check for updates” button. Likewise, you can also go to Settings, then to Security & Privacy, tap on Updates and then Security update.
Unfortunately, devices running Android 10 or lower won’t receive these patches as they reached their end of life (EoL) last September. Still though, some important security fixes may be available as Google Play system updates which you can access from the Settings menu by going to Security & Privacy, Updates and then Google Play system update.
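For anyone managing more than one handset, the same check can be scripted. The following is an added example, not code from Google or from this article: it reads the standard Android system properties ro.build.version.release and ro.build.version.security_patch over adb and maps them onto the two March 2023 patch levels described above. The function names and result labels are made up for illustration, and it assumes a device reporting the later patch level also carries the fixes from the earlier one.

```shell
#!/bin/sh
# Added example (hypothetical names): classify a device against the two
# March 2023 patch levels named in the article, 2023-03-01 and 2023-03-05.

# classify_patch_level RELEASE PATCH
#   RELEASE: ro.build.version.release, e.g. "13"
#   PATCH:   ro.build.version.security_patch, formatted YYYY-MM-DD
classify_patch_level() {
    release=${1%%.*}                      # keep the major version only
    patch=$2
    case $release in
        ''|*[!0-9]*) echo "unknown"; return 0 ;;
    esac
    case $patch in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unknown"; return 0 ;;
    esac
    # Per the article, Android 10 and lower do not receive these patches.
    if [ "$release" -le 10 ]; then
        echo "end-of-life"; return 0
    fi
    # Turn YYYY-MM-DD into the integer YYYYMMDD so levels compare numerically.
    y=${patch%%-*}; rest=${patch#*-}; m=${rest%%-*}; d=${rest#*-}
    n=$y$m$d
    if [ "$n" -ge 20230305 ]; then
        echo "covers-2023-03-01-and-2023-03-05"   # both packs of fixes
    elif [ "$n" -ge 20230301 ]; then
        echo "covers-2023-03-01-only"             # kernel/vendor pack missing
    else
        echo "below-2023-03-01"                   # neither pack applied
    fi
}

# scan_adb: print one line per device that `adb devices` lists as attached.
scan_adb() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from swallowing the rest of the serial list.
        rel=$(adb -s "$serial" shell getprop ro.build.version.release </dev/null | tr -d '\r')
        lvl=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        printf '%s\tAndroid %s\t%s\t%s\n' "$serial" "$rel" "$lvl" \
            "$(classify_patch_level "$rel" "$lvl")"
    done
}

# Only touch adb when asked to, e.g.: sh check_patch.sh --adb
if [ "${1:-}" = "--adb" ]; then scan_adb; fi
```

A result of covers-2023-03-01-only means the device has the Framework, System and Google Play fixes but is still waiting on the Kernel and vendor component fixes.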
If you have an older Android phone that still works well but is no longer receiving security updates, you may want to look into installing a custom ROM like LineageOS or GrapheneOS since they both offer up-to-date operating system images for devices that are no longer supported by their manufacturers. However, if installing a custom ROM seems like a daunting task, it may just be time to upgrade to a new device.
As for staying safe from mobile threats, you should ensure that Google Play Protect is enabled on your smartphone, though you can also install one of the best Android antivirus apps for additional protection.
We’ll likely hear more from Google about these two critical remote code execution flaws once enough users have installed the latest Android security updates.