After vulnerabilities were reportedly in some Google Chrome versions recently, the Indian Computer Emergency Response Team (CERT-IN) on Monday flagged threats in Android OS. Issuing another threat advisory, the government agency said that multiple vulnerabilities have been reported that can let attackers gain access of devices, steal sensitive information and also block usage through a targeted DoS cyberattack. The severity rating allotted by CERT-In to the threat is ‘high’.

Android mobile operating system by Google is the most popular OS for smartphones in India, used by crores of people. As per the advisory, the gaps can be exploited by hackers to “execute arbitrary code, gain elevated privileges, gain access to sensitive information and cause denial of services”.

The vulnerabilities in Google Android are due to “flaws in the Framework Components, Media Framework Components, System Components, Google Play System Updates, Kernel components, MediaTek components, Unisoc Components and Qualcomm closed-source components,” the advisory mentions.

If an attacker is able to exploit these security gaps, it may lead to them gaining access of a device with greater authority and be abled to steal sensitive information of a user.

Solution

CERT-In advises users to apply appropriate updates as mentioned on a recent security bulletin in Google.

“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed,” mentions Google in the security bulletin.

You can check out the concerned Android security bulletin here.

