Android Security Alert: Billions of Devices at High Risk, Warns CERT-In; Android 15, 16 Affected

The Indian Computer Emergency Response Team (CERT-In) issued an advisory earlier this week regarding several security flaws affecting smartphones running on recent versions of Android. The cybersecurity agency flagged a large number of vulnerabilities, which have now been recorded as unique CVE identifiers. Each of these security flaws has been given a high severity rating by the agency, highlighting its potential to allow a cyberattack. Android has already released security patches for these vulnerabilities, and affected users should look to immediately update their devices to the latest OS version.

Indian Government Warns of Security Flaws in Recent Android Versions

In an advisory issued on Wednesday, CERT-In warned of multiple vulnerabilities detected across different components of the Android operating system, including the "Framework, Android Runtime, System, Widevine DRM, Project Mainline components, Kernel, Arm components, Imagination Technologies, MediaTek components, Qualcomm components and Qualcomm closed-source components."

The advisory has a "High" severity rating and states that the flaws affect Android 13, Android 14, Android 15, and Android 16. Highlighting the risk, the agency stated, “Successful exploitation of these vulnerabilities could allow an attacker to gain elevated privileges, obtain sensitive information, execute arbitrary code, or cause a denial of service (DoS) condition on the targeted system.”

Android has issued a security patch to address all of these vulnerabilities that were flagged by CERT-In. The Google-owned operating system has urged its partners to push the update to the end user as soon as possible. The reason Android cannot push the update by itself is that several smartphone original equipment manufacturers (OEMs) apply their own Android-based skins, such as Samsung's One UI, OnePlus' OxygenOS, Xiaomi's HyperOS, and others.

Once Android patches the operating system at its level, OEMs will then apply them to their framework and push them to the end users. Notably, at the time of writing this, most Android smartphone users might have already received the update. They are advised to download and install it as soon as possible, to ensure threat actors cannot hack their devices.