The Indian Computer Emergency Response Team (CERT-In) has issued a warning about multiple security vulnerabilities affecting various versions of the Android operating system. These vulnerabilities, if maliciously exploited, have the potential to execute harmful code, harvest sensitive data, and launch denial-of-service (DoS) attacks on targets. These security flaws impact three significant versions of Android and various components of Google's operating system, including those from Arm, MediaTek, Qualcomm, Unisoc, and more, as per the cybersecurity agency.
In a recent vulnerability advisory, CERT-In has identified 51 security weaknesses in the Android OS, giving them a critical severity rating. Each of these identified issues has been assigned a Common Vulnerabilities and Exposures (CVE) number.
According to CERT-In, the vulnerabilities affect Android 13, Android 12, Android 12L, and Android 11. It remains uncertain if Android 14 is also susceptible since the advisory was published shortly after the release of Android 14's source code.
Also Read: Inmates Hack Prison Computer Systems To Transfer $225,000
The 51 security flaws outlined by CERT-In impact multiple aspects of the Android operating system, encompassing the Android framework, the Android system, and Google Play system updates. Additionally, these vulnerabilities extend to components not directly controlled by Google, including those from Arm, MediaTek, Unisoc, and Qualcomm.
Exploiting these vulnerabilities would empower attackers to potentially gain elevated access on a target's smartphone, execute arbitrary and malicious code, extract sensitive data, and execute DoS attacks, as warned by CERT-In.
Of particular concern are two of these vulnerabilities, namely CVE-2023-4863 and CVE-2023-4211, which could be actively exploited by attackers. CERT-In strongly advises users to promptly apply security patches to address these issues. These vulnerabilities pertain to the Chromium engine that underpins Google's browser and GPU memory processing operations on Android.
Pixel smartphone users can immediately install the latest updates, which include the October security patches. Regrettably, users of smartphones from other manufacturers will have to wait until security updates are released to mitigate these security flaws.