CERT-In issued a ‘high severity’ warning for Android 11 to Android 14, citing vulnerabilities in components like Framework and Qualcomm. Users are urged to apply the latest security patches promptly.
CERT-In, the government agency responsible for monitoring vulnerabilities, has issued a "high severity" warning for various Android versions, including the most recent one, Android 14
According to the government body, several vulnerabilities have been identified within the Android operating system. These vulnerabilities can be exploited by attackers to gain access to sensitive data, execute arbitrary code, acquire elevated privileges, or induce denial of service conditions on the targeted system.
As per the report, the vulnerabilities have been identified in the Android 11, Android 12, Android 12L, Android 13, and Android 14 operating systems.
Reportedly, vulnerabilities within Android have been identified, stemming from deficiencies in various components such as the Framework, System, Google Play system updates, Arm components, Imagination Technologies, MediaTek components, Misc OEM, Unisoc components, Qualcomm components, and Qualcomm closed-source components.
If successfully exploited, these vulnerabilities could empower attackers to acquire sensitive information, execute arbitrary code, attain elevated privileges, and induce denial of service on the targeted system, says CERT-In.
The government body has strongly recommended users to promptly apply the latest security patch available for their devices due to a list of identified vulnerabilities. These vulnerabilities, assigned CVE names such as CVE-2023-40077, CVE-2023-40076, CVE-2023-40079, CVE-2023-40089, CVE-2023-40091, CVE-2023-40094, CVE-2023-40095, CVE-2023-40096, CVE-2023-40103, CVE-2023-45774, CVE-2023-45777, CVE-2023-21267, CVE-2023-40073, CVE-2023-40081, CVE-2023-40092, CVE-2023-40074, CVE-2023-40075, CVE-2023-40088, CVE-2023-40078, CVE-2023-40080, CVE-2023-40082, CVE-2023-40084, CVE-2023-40087, CVE-2023-40090, CVE-2023-40097, CVE-2023-45773, CVE-2023-45775, CVE-2023-45776, CVE-2023-21394, CVE-2023-35668, CVE-2023-40083, CVE-2023-40087, CVE-2023-40090, CVE-2023-40097, CVE-2023-45773, CVE-2023-45775, CVE-2023-45776, CVE-2023-21394, CVE-2023-35668, CVE-2023-40083, CVE-2023-40098, CVE-2023-40098, CVE-2023-40098, CVE-2023-45781, CVE-2023-45866, CVE-2023-3889, CVE-2023-4272, CVE-2023-32804, CVE-2023-21162, CVE-2023-21163, CVE-2023-21164, CVE-2023-21166, CVE-2023-21215, CVE-2023-21216, CVE-2023-21217, CVE-2023-21218, CVE-2023-21228, CVE-2023-21263, CVE-2023-21401, CVE-2023-21402, CVE-2023-21403, CVE-2023-35690, CVE-2023-21227, CVE-2023-32818, CVE-2023-32847, CVE-2023-32848, CVE-2023-32850, CVE-2023-32851, CVE-2023-45779, CVE-2022-48456, CVE-2022-48461, CVE-2022-48454, CVE-2022-48455, CVE-2022-48457, CVE-2022-48458, CVE-2022-48459, CVE-2023-28588, CVE-2023-33053, CVE-2023-33063, CVE-2023-33079, CVE-2023-33087, CVE-2023-33092, CVE-2023-33106, CVE-2023-33107, CVE-2022-40507, CVE-2022-22076, CVE-2023-21652, CVE-2023-21662, CVE-2023-21664, CVE-2023-28546, CVE-2023-28550, CVE-2023-28551, CVE-2023-28585, CVE-2023-28586, CVE-2023-28587, CVE-2023-33017, CVE-2023-33018, CVE-2023-33022, CVE-2023-33054, CVE-2023-33080, CVE-2023-33081, CVE-2023-33088, CVE-2023-33089, CVE-2023-33097, CVE-2023-33098.