The March 2023 Android update is an important one, as it fixes two critical vulnerabilities found in the operating system. Android usually releases a monthly security update that fixes minor bugs, but this month’s is one of the biggest.
If you have an Android phone, when you skip the next update, don’t skip it , as it may be the solution to a huge danger that you have right now with the CVE-2023-20951 and CVE-2023-20954 vulnerabilities and the possibility of executing code from remotely.
Two critical vulnerabilities in Android
The March 2023 security updates include fixes for two critical security issues that affect the system component. One of them could “lead to remote code execution without the need for additional privileges,” Google has reported in its breakdown of the patch notes . In other words: this exploit works without requiring specific user activity on the device.
The two critical vulnerabilities have been named CVE-2023-20951 and CVE-2023-20954 , although not much additional information is available about either. The registry database lists both CVEs as reserved, but does not provide information about them at this time.
“Android partners are notified of all issues at least one month prior to publication. Source code patches for these issues will be posted to the Android Open Source Project (AOSP) repository within the next 48 hours” [as of March 6].
When will the update be available?
It should be noted that although Google is already ready to compile this patch and have it ready for distribution as soon as tomorrow, owners of a mobile phone with the Android operating system will have to wait until their manufacturer serves it .
This depends from one brand to another , it varies depending on a series of factors and it is generally the most modern models that usually receive updates both with new features and with these monthly security patches.
Generally, it is the users of Google mobile phones, such as the Pixels, who usually receive them before, since they do not have to pass the second filter of a manufacturer and for this reason they are usually among the first Android devices to receive security updates .
If you don’t see your mobile phone alerting you to a pending update, you can try to manually check if one is available in the Configuration or Settings menu of your device. This can force manual installation so that you are not vulnerable to CVE-2023-20951 and CVE-2023-20954.
Until then, remember to always have your Android mobile protected with one of the best security solutions. In the last AV-TEST report, they recommended the following for the Google operating system.
- AhnLab: V3 Mobile Security.
- Avast: Mobile Security.
- AVG: AntiVirus FREE.
- Avira: Antivirus Security.
- Bitdefender: Mobile Security.
- F-Secure: SAFE.
- Kaspersky: Standard for Android.
- McAfee: Mobile Security.
- Norton: Norton 360.
- Protected.net: Total AV.
- securiON: OnAV.
- Sophos: Intercept X for Mobile.
- Trend: Micro Mobile Security.