Android’s April 2023 Updates Patch Critical Remote Code Execution Vulnerabilities


Google’s Android security bulletin for April 2023 describes 26 vulnerabilities resolved in the Framework and System components as part of the 2023-04-01 security patch level. Most of these are high-severity flaws leading to elevation of privilege (EoP) or information disclosure.

Two of the 16 issues addressed in System, however, are critical-severity RCE bugs, tracked as CVE-2023-21085 and CVE-2023-21096.

“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation,” Google explains.