The Computer Emergency Response Team (CERT-In) operating under the Ministry of Electronics and Information Technology has recently raised a "high" level security alert concerning Android phone users. On its official website, CERT-In has highlighted the presence of "multiple vulnerabilities" that, if not adequately addressed, could potentially provide attackers with unauthorized access to smartphones and sensitive information. To mitigate these risks, the advised course of action entails updating apps directly through the Google Play Store and verifying the availability of Android OS updates.
This security risk encompasses a considerable user base, as the identified Android vulnerabilities impact individuals using smartphones with Android 11, Android 12, and Android 13 operating systems. Additionally, those utilizing tablets and foldable devices with Android 12L-based OS are also exposed to potential threats. CERT-In's warning states, "Multiple vulnerabilities have been reported in Android which could allow an attacker to gain elevated privileges, obtain sensitive information, execute remote code or cause denial of service conditions on the target system."
Further elaborating on these security flaws, the website underscores that these vulnerabilities originate from deficiencies within various components of the Android system, including Framework, System, Google Play system, Qualcomm components, and Qualcomm closed-source components. Exploiting these vulnerabilities successfully could empower attackers to acquire elevated privileges, access sensitive data, execute remote code, or induce denial of service conditions on the targeted system.
This security issue holds the potential to affect a substantial number of users in India, given the country's extensive Android user base. According to Statista data, Android commanded a dominant market share of 95.26 percent in India's mobile operating system market in 2022.
As previously mentioned, the primary strategy for safeguarding devices against these vulnerabilities lies in keeping smartphones up-to-date. Firstly, users are encouraged to ensure that all apps on their devices are running the latest available versions. Additionally, individuals should verify the presence of any pending OS updates. While the precise steps to check for updates may vary depending on the specific Android device, generally, users can navigate to 'Settings' and search for 'Android updates' to perform this task.
Although these new vulnerabilities pertain to system-related flaws, it is also advisable for users to exercise caution by using apps developed by reputable sources and avoiding the download of applications from third-party online stores.
It is worth noting that CERT-In had previously issued a similar warning in August 2023. During that instance, Android vulnerabilities affected users of Android 13-powered smartphones in India, stemming from issues within Framework, Android Runtime, System Component, Google Play system updates, Kernel, Arm components, MediaTek components, and Qualcomm closed-source components.
Â
