CERT-In warns users about multiple security vulnerabilities affecting recent versions of Android

India’s Computer Emergency Response Team (CERT-In) has issued an advisory regarding several security vulnerabilities affecting smartphones running the latest Android versions. The cybersecurity agency warned users about vulnerabilities that were recently patched by Google and smartphone component makers like Qualcomm and MediaTek as part of this month’s Android security bulletin. Samsung also issued fixes for nine Samsung Vulnerabilities and Exposures (SVEs) that were privately disclosed and have moderate severity ratings as part of the latest security update.

In the announcement published on Tuesday, CERT-In highlighted multiple vulnerabilities found in parts of the Android operating system, including “Framework, System, AMLogic, Arm components, MediaTek components, Qualcomm components, and Qualcomm closed source components.” The advisory has a “high” severity rating and states that the flaws affect Android 12 (and 12L), Android 13, and Android 14.

Google has patched vulnerabilities in its Android operating system that could allow an attacker to gain unauthorized access to personal information on an affected device, according to the cybersecurity agency. The flaws could also be used by an attacker to gain elevated device privileges and execute malicious code or launch a denial of service (DoS) attack.

Meanwhile, Google shared detailed information related to specific components that have been patched with the latest Android security bulletin — including fixes for bootloader vulnerabilities on devices with AMLogic components, flaws in Mali (Arm) components, and security issues affecting Wi-Fi and cores Qualcomm devices.

Samsung has announced that its devices receiving the latest Security Maintenance Release (SMR) Mar-2024 Release 1 will also be protected against nine SVEs that affect Wi-Fi, AppLock and other parts of the operating system as well as the bootloader. The company also says it has issued fixes for some SVE items that are currently undisclosed.

CERT-In says users should ensure their smartphones are updated with the latest monthly security updates to ensure these vulnerabilities have been patched. According to Google’s latest Android security bulletin, users whose smartphones have been updated to security patch level 2024-03-05 should be protected from these security flaws.