Two critical remote code execution (RCE) vulnerabilities impacting Android systems running versions 11, 12, 12L, and 13 have been patched with the March security updates for Android. It is crucial to update your device as soon as possible to avoid any potential attacks. The March 2023 Android Security Bulletin provides all the details of the security vulnerabilities affecting Android devices. It is important to note that if your Android phone has patch level 2023-03-05 or later, the issues discussed below have been resolved. The updates are available for Android 11, 12, and 13. It is recommended to check for updates regularly under the 'Software updates' tab in your phone's 'About phone' or 'About device' settings. Remember, even though Android partners are notified of all issues at least a month before publication, this doesn’t always mean that the patches are available for devices from all vendors.
The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs that deal with RCE vulnerabilities which were patched in these updates are: CVE-2023-20951 and CVE-2023-20954. Both are critical RCE vulnerabilities in the System component. The most severe vulnerability could lead to remote code execution with no additional execution privileges needed, and user interaction is not needed for exploitation. CVE-2022-33213 and CVE-2022-33256 are vulnerabilities in Qualcomm closed-source components that could allow for remote code execution. It is crucial to note that buffer overflows and memory corruption vulnerabilities enable attackers to execute arbitrary code.
At Waves IT, we are your trusted technology and cyber security partner. Our team of experts stays up-to-date with the latest security vulnerabilities to provide you with reliable solutions to keep your business secure. Don't let cybercriminals get the upper hand - partner with Waves IT to ensure your business is safe and secure.