Android Security Update – Patch for 129 Vulnerabilities and Actively Exploited Zero-Day

Google has released its highly anticipated March 2026 Android Security Bulletin, delivering critical fixes for 129 security vulnerabilities across the Android ecosystem.

This massive update represents one of the highest numbers of patches issued in a single month in recent years.

The rollout is structured into two distinct security patch levels, 2026-03-01 and 2026-03-05, giving device manufacturers the flexibility to rapidly deploy fixes for core Android platform flaws before addressing complex hardware-specific issues.

The most severe threat addressed in this bulletin is a high-severity zero-day vulnerability that is currently being exploited in limited, targeted attacks.

Actively Exploited Zero-Day: CVE-2026-21385

The focal point of the March update is CVE-2026-21385, a high-severity zero-day flaw located within an open-source Qualcomm Display component.

Technical analysis indicates that this issue stems from an integer overflow or wraparound bug that causes memory corruption during memory allocation alignment.

Google and Qualcomm have both confirmed indications of limited, targeted exploitation of this vulnerability in the wild.

Because this memory corruption flaw resides in the hardware display drivers, successful exploitation could allow threat actors to bypass strict security boundaries and manipulate critical memory structures.

Users operating Android devices with affected Qualcomm chipsets face an elevated risk and must prioritize applying this patch immediately.

Beyond the zero-day, the 2026-03-01 patch level resolves several critical platform flaws that do not require user interaction for an attacker to exploit.

The most dangerous of these is CVE-2026-0006, a Remote Code Execution (RCE) vulnerability found in the core System component.

If successfully leveraged, a remote attacker could run malicious code without needing any additional execution privileges.​

Additionally, the Android Framework component received a patch for CVE-2026-0047, a critical Elevation of Privilege (EoP) vulnerability.

EoP flaws are highly sought after by cybercriminals, as they are often chained with initial RCE exploits to grant malicious applications deep administrative access over the compromised device.​

Vendor-Specific Component Flaws

The secondary 2026-03-05 patch level is dedicated to resolving 66 vulnerabilities found in closed-source and open-source third-party hardware components.

Google collaborated with major vendors to patch severe flaws impacting Arm, Imagination Technologies, MediaTek, and Unisoc hardware.

These fixes address numerous Elevation of Privilege and Information Disclosure vulnerabilities deeply embedded within device modems, hypervisors, and GPU drivers.

This extensive list of hardware-level patches highlights the ongoing challenge of securing the complex mobile supply chain against advanced persistent threats.

To protect against these sophisticated threats, users should verify their device’s security patch level through their system settings.

Devices running the 2026-03-05 patch level are fully protected against all 129 vulnerabilities detailed in this bulletin, as well as those addressed in previous security updates.

Google will publish the corresponding source code patches to the Android Open-Source Project (AOSP) repository within 48 hours to ensure long-term platform stability for the wider ecosystem.

 Meanwhile, Google Play Protect remains an active defense layer for users with Google Mobile Services, continuously monitoring and blocking potentially harmful applications attempting to exploit these newly disclosed flaws.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Android Security Update – Patch for 129 Vulnerabilities and Actively Exploited Zero-Day appeared first on Cyber Security News.