CERT-In has issued a notification about multiple security vulnerabilities present in different versions of the Android operating system. If these vulnerabilities were to be utilised by a user with ill intentions, they could potentially execute specific codes, access private data, or initiate a denial-of-service (DoS) attack. These vulnerabilities are found in three primary Android versions and are spread throughout various sections of Google's OS. This includes, but is not limited to, areas managed by Arm, MediaTek, Qualcomm, and Unisoc, as shared by the cybersecurity entity.
Earlier in the week, CERT-In released a note detailing 51 security issues concerning the Android OS. The agency, which is tasked with handling cybersecurity challenges and threats, has categorised this note with a high level of severity. Every vulnerability highlighted by CERT-In is associated with a Common Vulnerabilities and Exposures (CVE) number.
Based on the information from CERT-In, the affected Android versions include Android 13, Android 12, Android 12L, and Android 11. At this moment, it is uncertain if Android 14 is also affected. This is because the Android 14 source code was made available just a short time before the advisory was disseminated.
The mentioned 51 vulnerabilities encompass diverse sections of the Android operating system. This extends from the Android framework to Android system updates and Google Play system updates. Additionally, software components not under Google's direct oversight, like those from Arm, MediaTek, Unisoc, and Qualcomm, are susceptible to these vulnerabilities.
According to CERT-In's information, individuals exploiting these vulnerabilities might have the capability to increase their access on a target's phone, run specific code sequences, access private data, or initiate a DoS attack.
Among these vulnerabilities, two (identified as CVE-2023-4863 and CVE-2023-4211) could be exploited by malicious entities. Therefore, CERT-In advises users to promptly apply security patches to address these issues. Specifically, these vulnerabilities are associated with the Chromium engine (used in Google's browser) and Android's GPU memory processing functions.
For Pixel smartphone users, an update containing the security patches for October is available. However, individuals with smartphones from different producers might need to wait for a forthcoming security update that rectifies these vulnerabilities.
