CERT-In warns of several security flaws in Android: Is your device at risk?

CERT-In advises users to update their devices to the latest software version to mitigate risks and safeguard against potential threats

Don't want to miss the best from Business Standard?

The Indian Computer Emergency Response Team (CERT-In) has issued an advisory for Android smartphone users, warning of security vulnerabilities in their devices. The advisory applies to all devices running on Android version 12 or newer, irrespective of the manufacturer. CERT-In has categorised these vulnerabilities as "High risk," cautioning that they could allow attackers to gain unauthorised access to sensitive data, disrupt services, and more.

 

CERT-In stated that multiple vulnerabilities exist in Android due to flaws in the Platform, Framework, System, and device components including Arm components, MediaTek components, Unisoc components and Qualcomm components. The advisory highlighted that successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive user information, execute arbitrary code and cause denial of service (DoS) conditions on targeted systems.

 

Not just smartphones, but tablets, smartwatches and other systems powered by the Android platform are at risk.

 

Google has already addressed these issues in the latest source code patches, released to the Android Open Source Project (AOSP) repository. CERT-In advises users to update their devices to the latest software version, when provided by the OEM (Original Equipment Manufacturer), to mitigate risks and safeguard against potential threats.

 

The full list of affected software includes:

• Android 12
• Android 12L
• Android 13
• Android 14
• Android 15

A similar advisory was issued earlier this week for Apple devices running older software versions. It highlighted vulnerabilities in iPhones running iOS versions earlier than iOS 18.3, as well as outdated iPads, Apple Watches, Macs, and versions of Apple's Safari web browser.