A nonprofit security group issued an alert this week telling Google Android smartphone users to update their systems as soon as possible due to “multiple vulnerabilities” that could allow for an attacker to remotely install programs or delete data.
So far, March’s updates have already rolled out for some of Samsung’s Galaxy phones but not all. If your Android device is slated to have been updated but the patch hasn’t arrived, one can try updating manually. Users can go to the Settings app, touch “Software update,” and then tap “Download and install.” If the latest update doesn’t appear, it likely means the update hasn’t been rolled out for that device yet.
A report from 9to5Google says that Samsung rolled out its March updates for the most recent Galaxy S smartphones starting Tuesday, March 7. The first one to receive the updates is the Galaxy S23 series, which was released earlier in 2023. Patches were also rolled out for the Samsung Galaxy S22, Galaxy S21, and Galaxy S20 models.
“The updates should be making their way to more markets in the coming days. In case you haven’t received the OTA notification on your phone [to] date, you can manually check for it by heading over the Software update section in the Settings app,” noted a developers’ website.
Each month’s security updates are created by Google and used by Samsung and other Android device manufacturers. This month’s bulletin includes updates and fixes for 26 issues, including two that were marked as “critical.”
“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed,” an Android bulletin states. “User interaction is not needed for exploitation.”
“The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed,” it adds.
‘HIGH’ Risk
The Center for Internet Security, a nonprofit founded in October 2000, said Wednesday that the aforementioned “multiple vulnerabilities” recently detected in Android’s operating system “could allow for remote code execution,” meaning “an attacker could then install programs; view, change, or delete data; or create new accounts with full rights” on a person’s device.
For government entities and businesses, these two vulnerabilities present a “HIGH” risk, the nonprofit warned. The Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency, or CISA, has not yet issued an alert for the reported vulnerabilities.
But the Center for Internet Security said that users of phones with Google Android’s operating system should “apply appropriate patches provided by Google to vulnerable systems, immediately after appropriate testing.”
While some devices have updates automatically implemented, users should manually check to see if their phone is updated. The file size is more 350 MB in size, meaning that it is recommended that users remain connected to WiFi while the update installs.
Confirming the update, Samsung said that it is “releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process.” That package “includes patches from Google and Samsung. Google patches include patches up to Android Security Bulletin – March 2023 package,” it stated.
From The Epoch Times
