CERT-In — or Indian Computer Emergency Response Team — has warned of a number of safety vulnerabilities affecting a number of variations of Android. These safety flaws, if exploited by a malicious person, may very well be used to execute harmful code, accumulate delicate information, and launch a denial-of-service (DoS) assault on a sufferer. The safety vulnerabilities have an effect on three main variations of Android, throughout varied elements of Google’s working system (OS) — from the framework to elements from Arm, MediaTek, Qualcomm, Unisoc, and others, based on the cybersecurity company.
In a vulnerability word issued earlier this week, CERT-In lists out 51 safety flaws affecting the Android OS. The nodal company answerable for coping with cybersecurity points and threats has issued a essential severity ranking for the vulnerability word. All the entries listed by CERT-In have been assigned a Common Vulnerabilities and Exposures (CVE) quantity.
According to CERT-In, these vulnerabilities have an effect on Android 13, Android 12, Android 12L, and Android 11. It is presently unclear whether or not Android 14 can be affected because the supply code for Android 14 was printed a couple of days earlier than the advisory was issued.
The 51 safety flaws listed by CERT-In have an effect on varied elements of the Android working system from the Android framework, the Android system, and Google Play system updates. Meanwhile, software program for elements indirectly managed by Google, together with these from Arm, MediaTek, Unisoc, and Qualcomm, are additionally affected by these vulnerabilities.
Attackers who exploit these flaws might probably elevate their privileges on a goal’s smartphone, execute arbitrary (and malicious) code, extract delicate data, and even carry out a denial-of-service (DoS) assault, based on CERT-In.
Two of these flaws — CVE-2023-4863 and CVE-2023-4211 — may very well be actively exploited by attackers, and customers ought to apply safety patches (*51*), based on the company. These flaws relate to the Chromium engine that powers Google’s browser, and GPU reminiscence processing operations on Android, respectively.
Users working on Pixel smartphones can set up the newest replace that features the October safety patches. Unfortunately, customers who personal smartphones from different producers should wait till a safety replace is launched together with fixes for these safety flaws.