CERT-In – or Indian Computer Emergency Response Team – has warned of several security issues affecting multiple versions of Android. If exploited by a malicious user, these security flaws can be used to execute dangerous code, collect sensitive data, and conduct a denial-of-service (DoS) attack on a victim. The security vulnerabilities affect three major versions of Android, spanning different parts of Google’s operating system (OS) – from the framework to components from Arm, MediaTek, Qualcomm, Unisoc and others, the cybersecurity agency said.
In a vulnerability note issued earlier this week, CERT-In lists 51 security flaws affecting the Android operating system. The nodal organization responsible for dealing with cybersecurity issues and threats has issued a critical severity rating for the vulnerability note. All entries listed by CERT-In have been assigned a Common Vulnerabilities and Exposures (CVE) number.
According to CERT-In, these vulnerabilities affect Android 13, Android 12, Android 12L, and Android 11. It is currently unclear whether Android 14 is also affected, as the source code for Android 14 was published a few days before the advisory.
The 51 security flaws listed by CERT-In affect various parts of the Android operating system, including the Android framework, the Android system and Google Play system updates. Software for components not directly controlled by Google, including those from Arm, MediaTek, Unisoc and Qualcomm, is also affected by these vulnerabilities.
Attackers who exploit these flaws can potentially escalate their privileges on a target’s smartphone, execute arbitrary (and malicious) code, extract sensitive information, and even conduct a denial-of-service (DoS) attack, CERT-In said.
Two of these flaws – CVE-2023-4863 and CVE-2023-4211 – can be actively exploited by attackers, and users should “urgently” apply security patches, according to the agency. CVE-2023-4863 affects the Chromium engine that powers Google’s browser, while CVE-2023-4211 affects GPU memory processing on Android.
Users with Pixel smartphones can install the latest update, which includes the October security patches. Unfortunately, users who own smartphones from other manufacturers will have to wait for a security update containing fixes for these flaws to be released.