The Indian Computer Emergency Response Team (CERT-In) has issued a warning regarding numerous security vulnerabilities affecting smartphones running on recent versions of the Android operating system. The cybersecurity agency cautions users about vulnerabilities that have been recently addressed by Google, Qualcomm, MediaTek, and Samsung as part of their respective security updates.
In an advisory released on Tuesday, CERT-In identifies multiple vulnerabilities present in various components of the Android OS, including the Framework, System, AMLogic, Arm, MediaTek, and Qualcomm components. The severity of these vulnerabilities is rated as "High," and they impact devices running Android 12 (including 12L), Android 13, and Android 14.
According to CERT-In, Google has addressed security flaws in the Android OS that could potentially lead to unauthorized access to sensitive information stored on affected devices. These vulnerabilities could also be exploited by attackers to gain elevated privileges, execute malicious code, or initiate denial-of-service (DoS) attacks.
Furthermore, Google has provided detailed information regarding specific components patched in the latest Android Security Bulletin. These include fixes for bootloader vulnerabilities in devices with AMLogic components, security issues affecting Mali (Arm) components, and vulnerabilities related to Wi-Fi and kernels in Qualcomm devices.
Samsung has also released patches for nine Samsung Vulnerabilities and Exposures (SVEs) as part of its latest Security Maintenance Release (SMR) Mar-2024 Release 1 update. These patches address vulnerabilities affecting Wi-Fi, AppLock, the operating system, and the bootloader. Additionally, Samsung has fixed undisclosed SVE items to enhance device security.
CERT-In emphasizes the importance of keeping smartphones up to date with the latest security updates to mitigate the risk of exploitation. According to Google's Android Security Bulletin, devices patched with the 2024-03-05 security update level should be protected against the identified security flaws.