The Indian Computer Emergency Response Team (CERT} under the IT ministry has issued a new warning for Android operating system users. The high severity warning is for users of Android 10, Android 11, Android 12 and Android 12L. As per the advisory, multiple vulnerabilities have been reported in the operating system which can be exploited by someone to obtain sensitive information, gain elevated privileges and cause denial of services on the targeted system.
The advisory further reveals “these vulnerabilities exist in the Android OS due to flaws in Framework, System component, Media Provider component, Kernel components, MediaTek components, Qualcomm components, Qualcomm closed source components and System.” As per the advisory, successful exploitation of these vulnerabilities could allow the attacker to obtain sensitive information, gain elevated privileges and cause denial of services on the targeted system.
Google has already acknowledged these vulnerabilities in the Android OS and rolled out a security patch earlier this month. According to the recent Android Security Bulletin security patch levels of 2022-05-01 or later address all of these issues.
According to the company, the most severe of these issues is a high security vulnerability in the Framework component that could lead to local escalation of privilege with User execution privileges needed. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.
Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. That is why Google recommends all users to update to the latest version of Android where possible.