Android April 2023 Security Updates fix several critical vulnerabilities
Google published the Android Security Bulletin for April 2023 earlier today. The bulletin lists vulnerabilities that Google has patched. It is divided into two patch levels: the first contains security fixes for Android system and framework, the second hardware-vendor specific security fixes.
The first patch level addresses issues in system and framework. 10 unique vulnerabilities are addressed in Framework; they have a severity rating of high or moderate, and are either elevation of privilege or denial of service vulnerabilities.
Android System is affected by 16 unique vulnerabilities, two of them rated critical, the remaining 16 high. The two critical vulnerabilities allow remote code execution on successful exploits. The vulnerabilities rated high allow elevation of privilege, denial of service and information disclosure attacks. Google addressed issues in Google Play's MediaProvider and Wifi components as well.
The second patch level addresses a total of 41 different security issues in various components. Four of the 41 security issues have received a severity rating of critical, the highest rating. All four affect Qualcomm components. The Android April 2023 security updates address a total of 69 different security issues.
Some security updates affect only specific versions of Android, e.g., only Android 13.
Android device owners may want to check the system updates option in Settings to find out if the April 2023 patch is available for their device already. Manufacturers are not always quick when it comes to releasing security updates, but the overall situation has improved in recent years in many regards.
Still, it may take days or weeks before the security updates are offered on certain devices. Some manufacturers may provide additional information on the schedule and scope on their websites.
Samsung, for example, has published information regarding the Android April 2023 already on its website. There, the company lists the critical, high and moderate security issues that Samsung devices are affected by, and the security issues that are not applicable to Samsung devices. Samsung, in addition to addressing these vulnerabilities has also addressed a further 23 Samsung-specific vulnerabilities, which the company published on the security update website as well.
The company is dividing the security updates into two patch levels, with the first release including all Google and Samsung vulnerabilities.
Now You: when do you get and install security updates on Android devices?
HMD (nokia) updates on a prepay here are about 1 month out usually. Just installed the March update 2 days ago.
People tend to downplay the risks of using outdated Android phones, thinking nothing bad could ever happen since it’s “just a phone”.. But looking at the fixes every month, the amount of security holes patched every year is quite staggering. I’d say we’re on par with the leaking catastrophy known as windows. Personally I felt I had to jump onboard with Samsung since they offer the fastest updates and the longest support. Nope, Pixel phones aren’t common in my country. I just wish samsung would get their heads out of their asses and let us get rid of 90% of their own apps (and Google’s..) on our phones..That would make the battery last a week without a doubt. But yeah, I’m not using a phone that’s not patched and neither should you. You probably have more important things on your phone than on your computer, so start behaving accordingly.
none of my smartphones is getting updates, due to stupid google’s schedule, tending stop upgrades from phones that isnt android 10 or upper.
Thanks, Martin, thanks for the informative article. Also, for me personally, the link you provided to the Samsung April update information is very useful.