CERT-In has issued a High severity warning for people who are using Android-compatible devices. The Indian Computer Emergency Response Team has cited several vulnerabilities in Android versions 12 through 15.
The Indian Computer Emergency Response Team (CERT-In) has issued a warning for Android phone users, stating that it has identified numerous vulnerabilities in Android software that could be easily exploited by hackers. The cybersecurity agency, which operates under the Ministry of Electronics and Information Technology, gave the warning a ‘High’ severity rating.
CERT-In Advisory
The advisory stated that several vulnerabilities have been discovered in Android that hackers can easily exploit to “execute arbitrary code on the targeted system.”
“These vulnerabilities exist in Android due to flaws in the Framework, System, Google Play system updates (ART and Wi-Fi subcomponent), Imagination Technologies components, MediaTek components, Qualcomm components and Qualcomm closed-source components,” CERT-In advisory read.
According to the agency, hackers who take advantage of these vulnerabilities can execute arbitrary code on the targeted system or device.
These Android Versions Are At Risk
CERT-In stated in its warning that as many as five Android versions are at risk because of these vulnerabilities. They are:
- Android v12
- Android v12L
- Android v13
- Android v14
- Android v15
What To Do?
Android users are advised to download the latest updates on their devices to avoid falling victim to any hack. Notably, Google has issued a patch for October 2024.
As per a bulletin, “Android partners are notified of all issues at least a month before publication. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP.”
The bulletin highlighted that the most critical issue is a significant security vulnerability in the System component. This flaw could allow remote code execution without requiring any additional privileges. The severity of this vulnerability is determined by the potential impact on a device if the protective measures for the platform and service are disabled for development or successfully circumvented.