CERT-IN flags multiple weak spots in Android OS

Indian Computer Emergency Response Team (CERT-IN) on Monday notified multiple security vulnerabilities in Google Android, which could allow unauthorised access to sensitive information and cause a denial of service conditions in the targeted device.

CERT-IN released a vulnerability note a week after Google informed about the security risks in its Android Security Bulletin—June 2022. The affected software includes Android operating system versions 10, 11, 12, and 12L.

“Multiple vulnerabilities have been reported in Google Android which could be exploited by an attacker to execute arbitrary code, gain elevated privileges, gain access to sensitive information and cause a denial of services (DoS) condition on the targeted system,” the cyber security agency said while issuing a high severity note.

These vulnerabilities exist in Google Android due to flaws in the Framework components, Media Framework Components, Google Play System Updates, Kernel Components, MediaTek components, Unisoc Components, and Qualcomm closed-source components, the agency added.

On June 6, Google said that it had noticed security issues affecting Android devices. “The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed,” the tech giant added. It has asked the users to install the security patch levels 2022-06-05 or later to avoid the risks. Business Standard