Is your device at risk? CERT-In warns of several high-risk flaws in Android

The govt agency has issued an advisory stating that devices powered by Qualcomm and MediaTek processors, including Android phones and tablets, are among those affected

The Indian Computer Emergency Response Team (CERT-In) has issued a warning about several security flaws identified in Android devices. These vulnerabilities could allow attackers to access confidential data, gain higher system privileges, or execute arbitrary code remotely.

Devices powered by Qualcomm and MediaTek processors, including Android phones and tablets, are among those affected.

Due to this bug, attackers can gain elevated access without needing additional execution privileges, allowing them to easily disable or bypass your device’s security.

This advisory follows a similar warning from CERT-In concerning vulnerabilities in Apple iPhones earlier this week.

Which Android software versions are affected?

CERT-In specified that Android versions 12, 12L, 13, and 14 are susceptible to these vulnerabilities. The agency noted that the issues arise from flaws within the Android Framework, System, Kernel, as well as components from ARM, Imagination Technologies, MediaTek, Qualcomm, and Qualcomm’s proprietary components.

What Qualcomm said in response

Meanwhile, Qualcomm said that it had provided fixes to its OEMs ahead of the August android security bulletin. "Developing technologies that endeavor to support robust security and privacy is a priority for Qualcomm Technologies. The standard monthly Android Security bulletins are an essential tool for the continued health of the Android ecosystem. For the issues mentioned, Qualcomm made fixes available to its OEMs in advance of the August Android Security bulletin,” the company's spokesperson said. 

The firm also urged users to apply security updates as soon as they are released by device manufacturers.

How to be safe from security flaws in Android devices?

To mitigate the risks, CERT-In recommended that users promptly install any updates provided by their device manufacturers. Users should also ensure that their Android devices are operating on the latest available software version, only download apps from trusted sources, and activate automatic updates for both applications and the operating system.

Be cautious and avoid clicking on random messages, emails, or links, particularly those requesting personal information or credentials, as phishing attacks are a common tactic used by hackers to exploit vulnerabilities. If you suspect your device has been compromised, consider performing a factory reset as a last resort. This action will erase all data on your device, including any malware.

‘Severe’ alert for Apple users

Earlier in the week, CERT-In issued a "severe" advisory to Apple users, identifying multiple vulnerabilities across a range of Apple products, including iPhones, iPads, and Macs. These vulnerabilities could potentially lead to data breaches, service disruptions, and spoofing attacks. CERT-In has classified these vulnerabilities as having a "High" severity level.

The advisory, dated August 2, highlighted that affected Apple software included iOS and iPadOS versions prior to 17.6 and 16.7.9, macOS Sonoma versions before 14.6, macOS Ventura versions prior to 13.6.8, macOS Monterey versions before 12.7.6, watchOS versions before 10.6, tvOS versions before 17.6, visionOS versions before 1.3, and Safari versions prior to 17.6.

Apple has released the necessary security updates, and users are urged to update their devices to the latest software versions available on Apple’s official website. CERT-In had issued a similar warning in May, emphasising the importance of keeping iPhone software up-to-date to mitigate high-level risks.

CERT-In also recommended that Apple users regularly update their device software to the latest security patches to address these issues. Apple has reiterated the importance of timely software updates, encouraging users to verify that they are running the most current version provided by the company.