The Indian Computer Emergency Response Team (CERT-In) has reported multiple vulnerabilities in Android. These flaws can be exploited by hackers to gain unauthorized access to people’s Android devices. CERT-In reports that multiple Android versions, including the latest Android 13 are prone to these vulnerabilities.
CERT-In has urged the Ministry of Electronics and Information Technology (MeitY) to issue an advisory on these latest flaws. Since these vulnerabilities affect all the latest versions of Android, it leaves millions of Android users in India at a huge risk of getting attacked by hackers.
Government Warns Users Of High-Risk Vulnerabilities in Android
CERT-In has published three new reports on its official website. The second notice CIVN-2023-0262 has notified Indian citizens about newly found critical vulnerabilities in the Android operating system. As per CERT-In, these flaws can be used by hackers and data miners to steal data from users’ phones.
The scale of this issue is massive, as multiple versions of Android are affected by these flaws. As per the report, Android Versions 11, 12, 12L, and 13 are susceptible to these newly discovered vulnerabilities. Apart from stealing data, hackers can also exploit these flaws to gain elevated privileges on affected phones. It also involves gaining illegal remote access to devices and executing any program on the user’s phone.
The root of these vulnerabilities is not just limited to Android. CERT-In says that these issues are caused because of flaws in the Framework of the Google Play System, and Qualcomm components. It also includes flaws in certain closed-source components of Qualcomm, which can only be fixed when Qualcomm pushes a patch.
These issues were originally identified by Google. The company published an Android Security Bulletin highlighting the exact details of these vulnerabilities, including the flaws in the closed-source components of Qualcomm. The good news is that Google has fixed these flaws in its latest monthly security patch.
Google Has Fixed These Vulnerabilities in September 2023 Security Update
Google has released two new security patches in September 2023. The first patch was released on September 1, followed by a second patch on September 5. Google has urged all Android phone manufacturers to implement two new patch string levels in their Android updates. These are:
- [ro.build.version.security_patch]:[2023-09-01]
- [ro.build.version.security_patch]:[2023-09-05]
If you are an Android user, then you should update your phone to the latest version provided by your phone manufacturer. If the security patch on your phone is dated 2023-09-05, then you are safe from these vulnerabilities.
However, if your phone manufacturer has still not provided an update for your device, then we recommend taking some safety measures to ensure that your phone does not get attacked by hackers.
- Do not install third-party apps from outside the Google Play Store.
- Do not click on malicious or unknown links received in emails or messages.
- Avoid using cracked versions of applications.
Note that these are only preventive measures, and the best solution for these vulnerabilities is to install the September 5 Android Security Patch on your Android phone. Users should urge their phone manufacturers for this update to stay safe from these vulnerabilities.
