Android March 2023 update fixes two critical code execution flaws
Google has released the March 2023 security updates for Android, fixing a total of 60 flaws, among them two critical-severity remote code execution vulnerabilities impacting Android systems running versions 11, 12, and 13.
"The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed," reads the security bulletin.
The two flaws are tracked as CVE-2023-20951 and CVE-2023-20954. Google has withheld all information about them to avoid helping attackers begin active exploitation before users can apply the available updates.
To update your Android device, head to Settings > System > System Update and click on the "Check for updates" button.
If you're running Android 10 or older, your device has been at end of life since September 2022, and it will not receive fixes for the above flaws.
Some important security fixes may still reach such devices via Google Play system updates, accessible through Settings > Security & privacy > Updates > Google Play system update.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-24 | CVE-2023-20954 | Out-of-bounds Write vulnerability in Google Android. In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. | 9.8 |
2023-03-24 | CVE-2023-20951 | Out-of-bounds Write vulnerability in Google Android. In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. | 9.8 |