Computer Emergency Response Team (CERT-In), has issued a warning for Android users. Classified as ‘high severity,’ this warning pertains to the discovery of multiple vulnerabilities within several versions of the Android operating system, including the most recent Android 13. These vulnerabilities, which have been classified as “high severity,” could be exploited by attackers to gain control of vulnerable devices, steal sensitive information, or disrupt operations.
CERT-In is an agency operating under the Ministry of Electronics and Information Technology. Its aim is to secure Indian cyber space and is responsible for addressing cybersecurity issues, including hacking and phishing. The recent alert from CERT-In highlights the risks within several versions of Android OS which is one of the most popular mobile operating system.
“Multiple vulnerabilities have been reported in Android which could be exploited by an attacker to obtain sensitive information, gain elevated privileges and cause denial of service on the targeted system,” reads the official note.
Here is the list of all the vulnerabilities highlighted by CERT-In:
– CVE-2020-29374
– CVE-2022-34830
– CVE-2022-40510
– CVE-2023-20780
– CVE-2023-20965
– CVE-2023-21132
– CVE-2023-21133
– CVE-2023-21134
– CVE-2023-21140
– CVE-2023-21142
– CVE-2023-21264
– CVE-2023-21267
– CVE-2023-21268
– CVE-2023-21269
– CVE-2023-21270
– CVE-2023-21271
– CVE-2023-21272
– CVE-2023-21273
– CVE-2023-21274
– CVE-2023-21275
– CVE-2023-21276
– CVE-2023-21277
– CVE-2023-21278
– CVE-2023-21279
– CVE-2023-21280
– CVE-2023-21281
– CVE-2023-21282
– CVE-2023-21283
– CVE-2023-21284
– CVE-2023-21285
– CVE-2023-21286
– CVE-2023-21287
– CVE-2023-21288
– CVE-2023-21289
– CVE-2023-21290
– CVE-2023-21292
– CVE-2023-21626
– CVE-2023-22666
– CVE-2023-28537
– CVE-2023-28555
Affected Android versions
According to CERT-In the vulnerabilities affect Android versions 10, 11, 12, 12L, and 13. They are caused by flaws in the Framework, Android Runtime, System Component, Google Play system updates, Kernel, Arm components, MediaTe components and Qualcomm closed-source components.
What is the risk
If exploited by hackers these vulnerabilities could allow them to :
- Gain elevated privileges on the device
- Access sensitive information, such as passwords, photos, and financial data
- Cause denial-of-service conditions, making the device unusable
- Install malicious software on the device
- How to protect your Android device
To keep your Android devices safe, CERT-In recommends that users update their devices to the latest security patches as soon as possible to mitigate these risks. Notably, Google has already released the security patches solving these vulnerabilities. Users can check ‘Android Security Bulletin-August 2023’ for details.
To update your Android phone:
- Go to Device Settings.
- Tap on System.
- Tap on System updates.
- If there is an update available, tap on Download and install.
- Follow the on-screen instructions to complete the update.
In addition to the update here are few more tips to keep your devices safe from any such vulnerability and flaws:
- Only installing apps from trusted sources.
- Using a security app to scan your device for malware.
- Only open emails and attachments from trusted senders.
- Use a strong password and enable two-factor authentication in apps and on your device.
- Back up your data regularly. If your device is lost or stolen, you will want to be able to recover your data.