Android System and Qualcomm Chips Patched for Critical Vulnerabilities
Google usually releases security patches for Android and its Pixel phones on the first Monday of every month. This month is different as Pixel owners are anticipating the QPR2 Pixel Feature Drop release, yet there is no update yet. Pixel owners can check the Google Pixel Community for the latest updates as soon as they get released.
Google released the March Android Security Bulletin at 10:27 a.m. PDT, indicating that security patches will be made to the Android Open Source Project to fix security vulnerabilities. Google warns that it may take up to 48 hours for all the code changes to be uploaded to the AOSP repository.
The March Android Security Bulletin includes two sets of security patches: the March 1, 2023, update and the March 5, 2023, update. The March 1 update fixed 18 system vulnerabilities and 8 framework vulnerabilities while a further 5 vulnerabilities will be fixed via Google Play System updates. The March 5 update primarily includes fixes for vendor-specific vulnerabilities: 21 for Qualcomm, 4 for Unisoc, and 3 for MediaTek, although there is also a patch for a CVE in Android’s kernel.
Google highlights that the most pressing issue on this patch update is a critical vulnerability in Android System, which could result in remote code execution. Several other vulnerabilities were also marked as high severity or critical.
Pixel owners are eagerly awaiting QPR2, which includes several innovative features. Beta 1 included redesigned quick settings panel and new media player animation, among other things. Beta 2 allowed force-theming of home screen icons, while Beta 3 introduced customizable lock screen shortcuts.
Pixel owners can keep an eye on the Google Pixel Community for updates, but at this point, they are getting frustrated with the wait.