The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning regarding multiple vulnerabilities affecting Android devices running versions 12, 12L, 13, 14, and 15. These vulnerabilities could allow attackers to gain unauthorised access, steal sensitive information, escalate privileges, execute arbitrary code, or cause denial-of-service (DoS) conditions. One of the vulnerabilities (CVE-2024-53104) is already being actively exploited.
The vulnerabilities exist due to flaws in various Android components, including the Framework, System, Kernel, and components from vendors like MediaTek, Qualcomm and Imagination Technologies.
CERT-In advises users and OEMs to apply security updates as soon as they become available to mitigate these risks. Best security practices include:
Regularly updating devices with the latest security patches.
Avoiding the installation of apps from untrusted sources.
Enabling Google Play Protect.
Being cautious of phishing attempts.
CERT-In’s advisory emphasises the need for collaboration among stakeholders, including Google, OEMs, and the cybersecurity community.