Android Security Update Fixes 129 Vulnerabilities, Including Actively Exploited Zero-Day
By AnuPriya
March 3, 2026
Categories:
Cyber Security NewsCybersecurityVulnerability
Google released its March 2026 Android Security Bulletin, patching 129 vulnerabilities across the Android ecosystem.
This update sets a record for the highest number of fixes in a single month. It splits into two patch levels: 2026-03-01 for core Android flaws and 2026-03-05 for hardware-specific issues.
Device makers can roll out the first level quickly, then add the rest.
The Zero-Day Alert: CVE-2026-21385
The standout threat is CVE-2026-21385 in Qualcomm’s Display and Graphics component. Google warns of limited, targeted exploitation in the wild.
This high-severity integer overflow leads to memory corruption, letting attackers bypass security and compromise devices. Zero-days in display tech often aid advanced hackers in real-world attacks.
The 2026-03-01 patches fix severe flaws in Android’s base:
CVE-2026-0006 (System): Critical remote code execution (RCE) with no user interaction needed; attackers could seize control remotely.
CVE-2025-48631 (System): Critical denial-of-service (DoS) that crashes devices remotely.
Other fixes target framework and system elevation-of-privilege (EoP), information disclosure (ID), and DoS issues, all high severity.
Core Android Platform (2026-03-01)
CVE ID Component Type Severity
CVE-2026-0006 System RCE Critical
CVE-2025-48631 System DoS Critical
CVE-2026-0047 Framework EoP Critical
CVE-2025-32313 Framework EoP High
CVE-2025-48544 Framework EoP High
Kernel/Virtualization (2026-03-05)
CVE ID Subcomponent Type Severity
CVE-2024-43859 Flash-Friendly File System EoP Critical
CVE-2026-0037 pKVM EoP Critical
CVE-2026-0038 Hypervisor EoP Critical
Vendor/Hardware (2026-03-05)
CVE ID Vendor Subcomponent Severity
CVE-2026-21385 Qualcomm Display (Exploited) High
CVE-2025-47394 Qualcomm Kernel High
CVE-2025-2879 Arm Mali GPU High
The 2026-03-05 level patches kernel EoP in pKVM and Hypervisor, plus high-severity issues from Qualcomm, Arm, Imagination Technologies, MediaTek, Unisoc, and OEMs like VBMeta.
Update to 2026-03-05 or later via your device maker. Enable Google Play Protect for ongoing app scanning.
Google will push AOSP source patches within 48 hours. Unpatched devices risk RCE, EoP, and crashes. Act fast against this zero-day and critical vulnerability.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
Share
Facebook
Twitter
Pinterest
WhatsApp
AnuPriya
Any Priya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
Recent Articles
CISA Alerts on Actively Exploited Chrome 0-Day Vulnerabilities
Cyber Security News March 17, 2026
Stryker Confirms Massive Wiper Attack That Erased Thousands of Devices
Cyber Attack March 17, 2026
Government Entities Targeted By CamelClone Espionage Campaign Using Rclone and Public Hosting Sites
APT March 17, 2026
RondoDox Botnet Grows To 174 Exploits With Large-Scale Residential IP Abuse
Botnet March 17, 2026
How to Find an Affordable, Easy to Deploy PAM in 2026 (and What to Avoid)
Technology March 16, 2026
Related Stories
Cyber Security News
CISA Alerts on Actively Exploited Chrome 0-Day Vulnerabilities
AnuPriya - March 17, 2026
Cyber Attack
Stryker Confirms Massive Wiper Attack That Erased Thousands of Devices
AnuPriya - March 17, 2026
APT
Government Entities Targeted By CamelClone Espionage Campaign Using Rclone and Public Hosting Sites
Varshini - March 17, 2026
Botnet
RondoDox Botnet Grows To 174 Exploits With Large-Scale Residential IP Abuse
Varshini - March 17, 2026
Cyber Attack
Cyberattack Targets Poland’s Nuclear Research Center, Investigation Underway
AnuPriya - March 16, 2026
Cyber Security News
Betterleaks: New Open-Source Tool for Scanning Files, Directories, and Git Repositories
AnuPriya - March 16, 2026
LEAVE A REPLY
Comment:
Name:*
Email:*
Website: