CERT-In Warns Users of Multiple Security Vulnerabilities Affecting Recent Android Versions

The Indian Computer Emergency Response Team (CERT-In) has issued an advisory regarding several security flaws affecting smartphones running on recent versions of Android. The cybersecurity agency has warned users about vulnerabilities that were recently patched by Google and smartphone component makers like Qualcomm and MediaTek as part of the Android Security Bulletin for this month. Samsung has also issued patches for nine Samsung Vulnerabilities and Exposures (SVE) that were privately disclosed and have moderate severity ratings, as part of the latest security update.

In in advisory issued on Tuesday, CERT-In highlights multiple vulnerabilities detected across parts of the Android operating system, including the “Framework, System, AMLogic, Arm components, MediaTek components, Qualcomm components & Qualcomm closed-source components”. The advisory has a “High” severity rating and states that the flaws affect Android 12 (and 12L), Android 13, and Android 14.

According to the cybersecurity agency, Google has patched vulnerabilities in its Android operating system that would allow an attacker to gain unauthorised access to private information on an affected device. The flaws could also be leveraged by the attacker to gain elevated privileges on the device and execute malicious code or start a denial of service (DoS) attack.

Meanwhile, Google has shared detailed information related to specific components that have been patched with the latest Android Security Bulletin — including fixes for bootloader vulnerabilities on devices with AMLogic components, flaws on Mali (Arm) components, and security issues affecting Wi-Fi and kernels on Qualcomm devices.

Samsung has announced that its devices that receive the latest Security Maintenance Release (SMR) Mar-2024 Release 1 update will also be protected against nine SVEs that affect the Wi-Fi, AppLock, and other parts of the operating system as well as the bootloader. The company also says that it has also issued fixes for some SVE items that cannot currently be disclosed.

CERT-In says that users should make sure that their smartphones are updated with the latest monthly security updates in order to make sure that these vulnerabilities have been patched. According to Google’s latest Android Security Bulletin, users whose smartphones have been updated to the 2024-03-05 security patch level should be protected from these security flaws.