Android's March Update Fixes 129 Flaws, Including Exploited Bug
3 Mar
Summary
- Android's March update addresses 129 vulnerabilities, including 10 critical flaws.
- A high-severity bug, CVE-2026-21385, affecting Qualcomm chipsets, was exploited.
- Two patch levels were released, with Pixel devices receiving updates first.

Google has issued a significant security update for Android, addressing a total of 129 vulnerabilities. This comprehensive patch includes fixes for 10 critical-severity bugs and one high-severity issue that had been exploited in the wild.
The actively exploited vulnerability, identified as CVE-2026-21385, is a buffer over-read flaw in a Qualcomm graphics module. The flaw, scored at 7.8/10, affects 235 Qualcomm chipsets and results in memory corruption when user-supplied data is handled without proper checks. There are indications of limited, targeted exploitation.
Beyond the actively exploited bug, the update also resolved 10 critical vulnerabilities across System, Framework, and Kernel components. These could theoretically enable remote code execution, privilege escalation, and denial-of-service attacks. The most severe of these allows for remote code execution without additional user interaction or privileges.
Google released the fixes through two patch levels: 2026-03-01 and 2026-03-05, with the latter containing all 129 patches. Due to Android's fragmented ecosystem, widespread patching will take time. Pixel devices received the updates first, while original equipment manufacturers (OEMs) will integrate them into their product release schedules.
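Because OEM rollout is staggered, a fleet owner can sort devices by their reported security patch level against the two March levels. The script below is an added example, not from Google or the article; the device names and inventory are constructed, and it assumes that a later patch level includes all earlier ones.

```shell
#!/bin/sh
# Added example: triage Android devices by security patch level string.
# On a device the value can be read with:
#   adb shell getprop ro.build.version.security_patch
# The inventory below is constructed sample data, not real devices.

PARTIAL_LEVEL=20260301   # first March patch level named in the article
FULL_LEVEL=20260305      # level the article says contains all 129 patches

# classify_patch_level YYYY-MM-DD -> prints full | partial | missing | invalid
classify_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;   # empty or malformed value
    esac
    # ISO dates compare numerically once the dashes are removed.
    n=$(printf '%s' "$1" | tr -d '-')
    if [ "$n" -ge "$FULL_LEVEL" ]; then
        echo full
    elif [ "$n" -ge "$PARTIAL_LEVEL" ]; then
        echo partial
    else
        echo missing
    fi
}

# triage_inventory: reads "device-id patch-level" lines on stdin and
# prints every device that is not at the full level, with its status.
triage_inventory() {
    while read -r dev level; do
        [ -n "$dev" ] || continue
        status=$(classify_patch_level "$level")
        [ "$status" = full ] || printf '%s %s %s\n' "$dev" "${level:-none}" "$status"
    done
}

# Constructed sample inventory (hypothetical device names).
sample_inventory() {
    cat <<'EOF'
pixel-lab-01 2026-03-05
oem-phone-17 2026-03-01
oem-tablet-04 2026-02-05
kiosk-09 unknown
oem-phone-22 2026-04-01
EOF
}

sample_inventory | triage_inventory
```

Devices reported as partial or missing still lack some or all of the March fixes; devices reported as invalid need a manual check of what they actually run.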


