Take action: Not the most urgent patch level for Android but definitely an important one for Pixel devices. It’s still wise to apply the Android patch as soon as your vendor releases an update for your phone. Depending on the vendor you might wait for some weeks before the update is released for your phone.

Learn More

The latest security updates for Android, announced on Monday 4th of March 2024, address a total of 38 vulnerabilities, including two critical-severity issues found within the System component.

The critical vulnerabilities are

• CVE-2024-0039 could enable remote code execution without requiring any additional execution privileges.
• CVE-2024-23717 could result in elevation of privilege for an attacker.

These vulnerabilities affect Android versions 12, 12L, 13, and 14.

Both critical flaws have been remedied in the March 2024 security update for Android. This update also addresses 11 other vulnerabilities of high severity located in the Framework component (eight vulnerabilities) and the System component (three vulnerabilities), which could lead to issues such as elevation of privilege, information disclosure, or denial of service.

The patch resolves additional 25 vulnerabilities found in components from AMLogic, Arm, MediaTek, and Qualcomm. Devices updated to the 2024-03-05 security patch level are protected against all 38 identified security issues.

Additionally, Google disclosed patches for over 50 vulnerabilities in Pixel devices, which include 16 critical-severity flaws that could lead to remote code execution and elevation of privilege. Pixel devices that are updated to the 2024-03-05 security patch level will be safeguarded against these vulnerabilities as well as the ones addressed in the broader March 2024 security update for Android.

Furthermore, the new security updates for Android’s Automotive OS, Wear OS, and Pixel Watch include patches for the 38 Android flaws. The Wear OS update notably fixes an extra high-severity vulnerability that could allow for elevation of privilege.

While Google has not reported any of these vulnerabilities being exploited in the wild, users are strongly encouraged to update their devices as soon as the updates become available to them.