Indian Computer Emergency Response Team (CERT-In) Warns of Over 50 Android Security Vulnerabilities, Urges Immediate Patch Installation
CERT-In, the Indian Computer Emergency Response Team, has issued a warning about numerous security vulnerabilities affecting multiple versions of the Android operating system. If exploited, these vulnerabilities could allow malicious actors to execute harmful code, harvest sensitive data, and launch denial-of-service (DoS) attacks against victims. The affected versions are Android 13, Android 12, Android 12L, and Android 11. The status of Android 14 is uncertain, as the advisory was issued shortly after its source code was published.
CERT-In’s vulnerability note delineates 51 security flaws across various segments of the Android OS, with a critical severity rating. Each entry is assigned a Common Vulnerabilities and Exposures (CVE) number. The impacted areas range from the Android framework, Android system, and Google Play system updates, to components from entities such as Arm, MediaTek, Unisoc, and Qualcomm, which are not directly controlled by Google.
Exploiting these vulnerabilities could allow attackers to elevate their privileges on a target’s smartphone, execute arbitrary and malicious code, access sensitive information, and even launch DoS attacks. Notably, two of these flaws, identified as CVE-2023-4863 and CVE-2023-4211, are susceptible to active exploitation, prompting CERT-In to stress the urgency of installing security patches. These two flaws are linked to the Chromium engine that powers Google’s browser and to GPU memory processing operations on Android.
While Pixel smartphone users can already access the latest updates featuring the October security patches, users with devices from other manufacturers will need to await security updates that address these vulnerabilities.