Summary
- Google releases the September security update for its Pixel phones, and it’s still based on Android 13.
- The September update includes security fixes that address 32 vulnerabilities across Android OS and specific hardware elements, and an additional Pixel-specific CVE is also closed.
- The update is rolling out to all Pixel devices from the Pixel 4a 5G and up, as the standard Pixel 4a was only promised updates until August 2023.
When Google launched its Android 14 beta program back in February, we figured the new version would roll out to regular users sometime in August — after all, Android 13 officially debuted on August 15, 2022. And when August came and went , we were all but certain that the new OS would be ready in September—that is, until we heard rumors it would be delayed to the first week of October. Now those rumors are almost confirmed as Google’s September monthly security update is here and it’s still based on Android 13.
Google made the update official with a post on its Pixel community forums today, and the new build has the version number TQ3A.230901.001 on most Pixel variants. These monthly updates usually come with release notes highlighting the major user-facing changes we should expect to see, but this month’s only includes the following:
This update is rolling out to all Pixel devices from the 4a 5G to the Pixel Fold and tablet. Notably, the standard Pixel 4a was only promised updates for August 2023 and isn’t receiving today’s update, while the Pixel 4a 5G variant is slated for support until November 2023. The 4a wasn’t included in Google’s Android 14 beta program, but the 4a 5G was, so this was expected.
Google announced earlier this month Android Security Bulletin for September 2023, which details the specific vulnerabilities that were addressed by under-the-hood patches contained in today’s update. There are two sets of patches, one dated September 1, 2023 and the other dated September 5, 2023. The first contains fixes for vulnerabilities in Android itself, while the second set addresses hardware-specific attack surfaces. In total, this month’s bulletin covered 32 CVEs of high and critical severity—20 in the September 1st patches and another 12 in the September 5th set—with the worst being a deficiency in the Bluetooth stack that could have allowed an attacker to remotely execute code on a device without user interaction.
The company has also today published a separate security bulletin for Pixel phones for the month of September. Only one critical vulnerability is listed: CVE-2023-4211.
Google’s monthly security updates usually take about a week to reach most users, but we’ve seen that certain device types and carrier combinations sometimes take longer. To see if the update is available, go to Settings → System → System Update on your Pixel, then tap Search for update. If you don’t want to wait, you’ll be surprised how easy it’s become to update firmware manually using Google’s first-party Android Flash tool – it’s just a matter of clicking a few buttons to flash factory photos or read sideways OTA fileand you should be able to get the new version up and running within half an hour.
