Indiscriminate, opportunistic targeting.
A total of 60 security vulnerabilities were remediated as a part of the March 2023 Android security update. The updates were released via two separate patch releases.
Two of the most notable vulnerabilities within the first release are being tracked as CVE-2023-20951 and CVE-2023-20954. However, Google has withheld all information about these to prevent threat actors from engaging in active exploitation prior to users applying the relevant updates.
Two of the most notable vulnerabilities within the second release are being tracked as CVE-2022-33213 and CVE-2022-33256 and pertain to closed-source Qualcomm components.
– CVE-2023-20951 and CVE-2023-20954: Successful exploitation of these vulnerabilities could allow a threat actor to perform remote code execution with no additional execution privileges needed. User interaction is not required for exploitation.
– CVE-2022-33213 and CVE-2022-33256: Successful exploitation of these vulnerabilities allows a remote application to execute arbitrary code.
Google has patched the security flaws within the respective product versions. As such, previous product versions are vulnerable to the potential exploits.
– Android Systems operating on versions 11, 12, and 13.
Containment, Mitigations & Remediations
To apply the update to an Android device, follow the steps below:
1. Select ‘Settings’
2. Select ‘System’
3. Select ‘System Update’ and click on the ‘Check for updates’ button.
Android versions 10 or older reached the end of life (EoL) in September 2022 and, as such, will not receive remediations for the vulnerabilities reported on. However, some security patches may reach these devices via Google Play system updates, which can be accessed by following the steps below:
1. Select ‘Settings’
2. Select ‘Security & privacy’
3. Select ‘Updates’
4. Select ‘Google Play system update’.
Users of older devices that are still functional are recommended to switch to an active third-party Android distribution, such as LineageOS or GrapheneOS, which offer up-to-date operating system images for devices no longer supported by their Original Equipment Manufacturers (OEMs).
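A fleet-side check for the update described above, as an added example that is not part of the original advisory: it parses `adb shell getprop` output and separates devices that have only the first March 2023 patch release from those that also have the second. The patch-level strings 2023-03-01 and 2023-03-05 are an assumption based on Android's patch-level naming convention, and the device names and sample output are constructed.

```python
import re
from datetime import date

# Assumption: patch levels of the two March 2023 releases (not quoted in the advisory).
FIRST_RELEASE = date(2023, 3, 1)   # first release: the two withheld RCE fixes
SECOND_RELEASE = date(2023, 3, 5)  # second release: adds the closed-source Qualcomm fixes
EOL_MAX_MAJOR = 10                 # per the advisory, Android 10 and older are end of life

PROP_RE = re.compile(r"^\[([^\]]+)\]: \[([^\]]*)\]$")  # getprop prints "[key]: [value]"

def parse_getprop(text):
    """Turn `adb shell getprop` output into a dict, skipping malformed lines."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def classify(getprop_text):
    """Return 'patched', 'partial', 'vulnerable', 'eol' or 'unknown' for one device."""
    props = parse_getprop(getprop_text)
    try:
        major = int(props.get("ro.build.version.release", "").split(".")[0])
        level = date.fromisoformat(props.get("ro.build.version.security_patch", ""))
    except ValueError:
        return "unknown"      # property missing or not in the expected format
    if major <= EOL_MAX_MAJOR:
        return "eol"          # will not receive these remediations at all
    if level >= SECOND_RELEASE:
        return "patched"      # both releases applied
    if level >= FIRST_RELEASE:
        return "partial"      # first release only; Qualcomm fixes still missing
    return "vulnerable"

# Constructed sample output, one entry per hypothetical device.
SAMPLES = {
    "tablet-a": "[ro.build.version.release]: [13]\n[ro.build.version.security_patch]: [2023-03-05]",
    "phone-b": "[ro.build.version.release]: [12]\n[ro.build.version.security_patch]: [2023-03-01]",
    "phone-c": "[ro.build.version.release]: [11]\n[ro.build.version.security_patch]: [2023-02-05]",
    "phone-d": "[ro.build.version.release]: [8.1.0]\n[ro.build.version.security_patch]: [2021-10-01]",
    "kiosk-e": "[ro.build.version.release]: [13]\n[ro.product.model]: [constructed]",
}

if __name__ == "__main__":
    for name, dump in SAMPLES.items():
        print(f"{name}: {classify(dump)}")
```

A device reported as `partial` shows a March 2023 patch level in its settings yet still lacks the fixes from the second release, which is why the check compares against both dates rather than the month alone.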
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available at this time.
Android devices occupy 72.26% of the mobile operating system market share. Threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on. As a result, the Android operating system becomes a prime target. Because smartphones and tablets have become an integral aspect of both personal and business affairs, threat actors will continue to exploit vulnerabilities within these devices in an attempt to extract the sensitive information they hold.
No attribution to specific threat actors or groups has been identified at the time of writing.
TA0002 – Execution
Technique – Lateral Movement:
T1210 – Exploitation of Remote Services