CERT-In Issues High-Risk Warning for Android Users Over Critical Vulnerabilities
CERT-In has warned Android users of multiple high-risk vulnerabilities that could allow attackers to execute arbitrary code on affected devices. The issues impact Android versions 12, 12L, 13, 14, and 15, affecting various system components such as the Framework, System, and hardware-related modules. Google has released an October 2024 security patch to address these vulnerabilities, and users are urged to update their devices promptly to mitigate risks.
The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity alert for Android users, citing several software vulnerabilities. CERT-In, under the Ministry of Electronics and Information Technology, has identified security flaws that attackers could exploit to compromise user devices. This advisory is rated as “High” severity.
Key points from the advisory
CERT-In has reported that several vulnerabilities in Android could allow attackers to execute arbitrary code on targeted devices. These vulnerabilities are present in various components, including the Android Framework, System, Google Play system updates (ART and Wi-Fi subcomponent), Imagination Technologies components, MediaTek components, Qualcomm components, and Qualcomm closed-source components.
Affected Android Versions
The warning applies to the following Android versions:
– Android 12
– Android 12L
– Android 13
– Android 14
– Android 15
Recommended Actions
Android users are advised to update their devices to the latest security patch to protect against these vulnerabilities. Google has already released the October 2024 Android Security patch. The advisory highlights that Android partners are notified of these issues a month before publication, and patches have been released to the Android Open Source Project (AOSP) repository.
The most critical issue identified is a high-severity vulnerability in the System component, which could enable remote code execution without requiring additional privileges. The severity of this flaw is based on its potential impact if exploited, especially if platform mitigations are disabled or bypassed.
Users are urged to apply the necessary updates to safeguard their devices from potential attacks.