High-Severity Warning by Indian Computer Emergency Response Team (CERT-In) Highlights Vulnerabilities in Android Versions, Including Android 13, with Potential for Exploitation by Hackers
The Indian Computer Emergency Response Team (CERT-In) has issued a ‘high-severity’ warning targeted at Android users. This alert arises from the identification of multiple vulnerabilities across various iterations of the Android operating system, including the recent Android 13 version. These vulnerabilities, categorized as ‘high-severity,’ hold the potential to be exploited by malicious actors, enabling them to gain unauthorized access to susceptible devices, pilfer sensitive data, or disrupt operations.
CERT-In operates as an agency under the Ministry of Electronics and Information Technology, entrusted with the mission of safeguarding India’s cyber domain. This agency addresses diverse cybersecurity concerns, encompassing hacking and phishing. The recent notification from CERT-In emphasizes the perils inherent within several versions of the Android OS, a widely utilized mobile operating system.
An excerpt from the official statement reads: “Multiple vulnerabilities have been reported in Android which could be exploited by an attacker to obtain sensitive information, gain elevated privileges and cause denial of service on the targeted system.
Outlined below are the vulnerabilities brought to attention by CERT-In:
- CVE-2020-29374
- CVE-2022-34830
- CVE-2022-40510
- CVE-2023-20780
- CVE-2023-20965
- … (list continues)
These vulnerabilities impact Android versions 10, 11, 12, 12L, and 13. They stem from weaknesses within the Framework, Android Runtime, System Component, Google Play system updates, Kernel, Arm components, MediaTe components, and Qualcomm closed-source components.
The potential risks posed by these vulnerabilities are multifaceted:
Elevation of privileges on the device. Access to sensitive information like passwords, photos, and financial data. Creation of denial-of-service conditions rendering the device non-functional. Installation of malicious software on the device.
To shield your Android device, CERT-In advises promptly applying the latest security patches. Google has already released these patches to address the vulnerabilities. Users can refer to the ‘Android Security Bulletin-August 2023’ for comprehensive details.
To update your Android device:
- Navigate to Device Settings.
- Tap on System.
- Select System updates.
- If an update is available, choose Download and install.
- Follow the on-screen instructions for installation.
In addition to updating, here are a few more security tips to safeguard your devices:
Install apps exclusively from reputable sources.
Utilize a security app to scan for malware.
Exercise caution when opening emails and attachments, sticking to trusted senders.
Employ strong passwords and activate two-factor authentication for apps and devices.
Regularly back up your data, ensuring recovery options in case of loss or theft.
