CERT-In Warns of Over 50 Security Flaws Affecting Android Smartphones: All You Need to Know

CERT-In says that two of the 51 vulnerabilities might be actively exploited by attackers and users should install latest security patches immediately.

Written by David Delima, Edited by Siddharth Suvarna | Updated: 13 October 2023 11:46 IST

CERT-In Warns of Over 50 Security Flaws Affecting Android Smartphones: All You Need to Know

Photo Credit: Pixabay/ @andrekheren

The 51 security flaws affect Android 13, Android 12, Android 12L and Android 11

Highlights

Google's Android operating system is affected by over 50 security flaws
These flaws affect various parts of the OS, including external components
CERT-In says users must install the latest Android security patches

CERT-In — or Indian Computer Emergency Response Team — has warned of several security vulnerabilities affecting multiple versions of Android. These security flaws, if exploited by a malicious user, could be used to execute dangerous code, collect sensitive data, and launch a denial-of-service (DoS) attack on a victim. The security vulnerabilities affect three major versions of Android, across various parts of Google's operating system (OS) — from the framework to components from Arm, MediaTek, Qualcomm, Unisoc, and others, according to the cybersecurity agency.

In a vulnerability note issued earlier this week, CERT-In lists out 51 security flaws affecting the Android OS. The nodal agency responsible for dealing with cybersecurity issues and threats has issued a critical severity rating for the vulnerability note. All the entries listed by CERT-In have been assigned a Common Vulnerabilities and Exposures (CVE) number.

According to CERT-In, these vulnerabilities affect Android 13, Android 12, Android 12L, and Android 11. It is currently unclear whether Android 14 is also affected as the source code for Android 14 was published a few days before the advisory was issued.

Google Will Ask You to Set Up a Passkey When You Log In: Here's How It Works

The 51 security flaws listed by CERT-In affect various parts of the Android operating system from the Android framework, the Android system, and Google Play system updates. Meanwhile, software for components not directly controlled by Google, including those from Arm, MediaTek, Unisoc, and Qualcomm, are also affected by these vulnerabilities.

Attackers who exploit these flaws could potentially elevate their privileges on a target's smartphone, execute arbitrary (and malicious) code, extract sensitive information, and even perform a denial-of-service (DoS) attack, according to CERT-In.

Two of these flaws — CVE-2023-4863 and CVE-2023-4211 — could be actively exploited by attackers, and users should apply security patches "urgently", according to the agency. These flaws relate to the Chromium engine that powers Google's browser, and GPU memory processing operations on Android, respectively.

Snapdragon 8 Gen 3 Chip Said to Cross 2 Million Mark in Benchmark Test

Users running on Pixel smartphones can install the latest update that includes the October security patches. Unfortunately, users who own smartphones from other manufacturers will have to wait until a security update is released along with fixes for these security flaws.

Android 14 Rolls Out to Eligible Google Pixel Phones: How to Download

Is the Samsung Galaxy Z Flip 5 the best foldable phone you can buy in India right now? We discuss the company's new clamshell-style foldable handset on the latest episode of Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: CERT-In, Android, Android security, Android security flaws, Android vulnerabilities, Android flaws, Android update, CERT-In advisory, CERT-In vulnerability note, Security vulnerabilities, Vulnerabilities, Google

David Delima

Email David Delima

As a writer on technology with Gadgets 360, David Delima is interested in open-source technology, cybersecurity, consumer privacy, and loves to read and write about how the Internet works. David can be contacted via email at DavidD@ndtv.com, on Twitter at @DxDavey, and Mastodon at mstdn.social/@delima. More