Vulnerabilities & CVEs, Mar 03, 2026

Android Security Update – Patch for 129 Vulnerabilities and Actively Exploited Zero-Day - CybersecurityNews

CybersecurityNews, archived Mar 16, 2026



Google has released its highly anticipated March 2026 Android Security Bulletin, delivering critical fixes for 129 security vulnerabilities across the Android ecosystem. This massive update represents one of the highest numbers of patches issued in a single month in recent years.

The rollout is structured into two distinct security patch levels, 2026-03-01 and 2026-03-05, giving device manufacturers the flexibility to rapidly deploy fixes for core Android platform flaws before addressing complex hardware-specific issues. The most severe threat addressed in this bulletin is a high-severity zero-day vulnerability that is currently being exploited in limited, targeted attacks.

Actively Exploited Zero-Day: CVE-2026-21385

The focal point of the March update is CVE-2026-21385, a high-severity zero-day flaw located within an open-source Qualcomm Display component. Technical analysis indicates that this issue stems from an integer overflow or wraparound bug that causes memory corruption during memory allocation alignment.

Field       Details
CVE ID      CVE-2026-21385
Severity    High
Component   Qualcomm Display
Issue       Integer overflow leading to memory corruption
Impact      System instability and device compromise
Status      Patched (March 2026); actively exploited in limited attacks

Google and Qualcomm have both confirmed indications of limited, targeted exploitation of this vulnerability in the wild. Because this memory corruption flaw resides in the hardware display drivers, successful exploitation could allow threat actors to bypass strict security boundaries and manipulate critical memory structures. Users operating Android devices with affected Qualcomm chipsets face an elevated risk and must prioritize applying this patch immediately.
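The bug class named above, integer wraparound while rounding an allocation size up to an alignment boundary, shown as an added example next to a checked version. It is not from the article and is not the Qualcomm code, which the article does not show; the 4096-byte alignment, the function names and the sample lengths are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_ALIGNMENT 4096u /* assumed alignment; must be a power of two */

/* Unchecked round-up: (len + align - 1) wraps modulo 2^32 when len is
 * within align - 1 of UINT32_MAX, so the result is SMALLER than len and
 * a buffer sized from it is too small for the data that follows. */
static uint32_t align_up_unchecked(uint32_t len, uint32_t align)
{
    return (len + align - 1u) & ~(align - 1u);
}

/* Checked round-up: rejects bad alignments and detects the wraparound
 * before the value can reach an allocator. Returns false on failure. */
static bool align_up_checked(uint32_t len, uint32_t align, uint32_t *out)
{
    if (align == 0 || (align & (align - 1u)) != 0)
        return false;                 /* alignment is not a power of two */
    if (len > UINT32_MAX - (align - 1u))
        return false;                 /* len + align - 1 would wrap */
    *out = (len + align - 1u) & ~(align - 1u);
    return true;
}

int main(void)
{
    /* Constructed sample lengths; the last two sit close to UINT32_MAX. */
    const uint32_t samples[] = { 1u, 4096u, 4097u, 0xFFFFF001u, 0xFFFFFFFFu };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t safe = 0;
        uint32_t raw = align_up_unchecked(samples[i], PAGE_ALIGNMENT);
        bool ok = align_up_checked(samples[i], PAGE_ALIGNMENT, &safe);

        printf("len=0x%08x unchecked=0x%08x %s\n", (unsigned)samples[i],
               (unsigned)raw, ok ? "checked=ok" : "checked=REJECTED");
    }
    return 0;
}
```

For the two large lengths the unchecked helper returns 0, while the checked helper refuses the request so the caller can fail the allocation instead of under-sizing it.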

Beyond the zero-day, the 2026-03-01 patch level resolves several critical platform flaws that do not require user interaction for an attacker to exploit. The most dangerous of these is CVE-2026-0006, a Remote Code Execution (RCE) vulnerability found in the core System component. If successfully leveraged, a remote attacker could run malicious code without needing any additional execution privileges.

Additionally, the Android Framework component received a patch for CVE-2026-0047, a critical Elevation of Privilege (EoP) vulnerability. EoP flaws are highly sought after by cybercriminals, as they are often chained with initial RCE exploits to grant malicious applications deep administrative access over the compromised device.

Vendor-Specific Component Flaws

The secondary 2026-03-05 patch level is dedicated to resolving 66 vulnerabilities found in closed-source and open-source third-party hardware components.

CVE ID          Component         Vulnerability Type             Severity
CVE-2026-21385  Qualcomm Display  Zero-Day (Memory Corruption)   High
CVE-2026-0006   System            Remote Code Execution (RCE)    Critical
CVE-2025-48631  System            Denial of Service (DoS)        Critical
CVE-2026-0047   Framework         Elevation of Privilege (EoP)   Critical
CVE-2024-43859  Kernel (F2FS)     Elevation of Privilege (EoP)   Critical
CVE-2026-0037   Kernel (pKVM)     Elevation of Privilege (EoP)   Critical

Google collaborated with major vendors to patch severe flaws impacting Arm, Imagination Technologies, MediaTek, and Unisoc hardware. These fixes address numerous Elevation of Privilege and Information Disclosure vulnerabilities deeply embedded within device modems, hypervisors, and GPU drivers. This extensive list of hardware-level patches highlights the ongoing challenge of securing the complex mobile supply chain against advanced persistent threats.

To protect against these sophisticated threats, users should verify their device’s security patch level through their system settings.
Devices running the 2026-03-05 patch level are fully protected against all 129 vulnerabilities detailed in this bulletin, as well as those addressed in previous security updates. Google will publish the corresponding source code patches to the Android Open-Source Project (AOSP) repository within 48 hours to ensure long-term platform stability for the wider ecosystem.

Meanwhile, Google Play Protect remains an active defense layer for users with Google Mobile Services, continuously monitoring and blocking potentially harmful applications attempting to exploit these newly disclosed flaws.