Government issues high-risk alerts for Android 13 and other versions, advising mobile users to stay cautious

For Android users, the Computer Emergency Response Team (CERT-In) has issued a warning. This warning, which has been assigned a “high severity” level, relates to the identification of several vulnerabilities in various releases of the Android operating system, including the most current Android 13. Attackers may use these vulnerabilities, which have been rated as “high severity,” to take over susceptible devices, steal confidential data, or sabotage operations.

A department of the Ministry of Electronics and Information Technology is CERT-In. Its goal is to protect Indian cyberspace, and it is in charge of dealing with cybersecurity problems including hacking and phishing. One of the most popular mobile operating systems, Android OS, has several concerns highlighted in a recent advisory from CERT-In.

The official report states that ”Android has multiple vulnerabilities that have been reported, which could be exploited by an attacker to obtain sensitive information, elevate privileges, and cause denial of service on the targeted system.”

The complete list of vulnerabilities identified by CERT-In is shown below:

• CVE-2020-29374
• CVE-2022-34830
• CVE-2022-40510
• CVE-2023-20780
• CVE-2023-20965
• CVE-2023-21132
• CVE-2023-21133
• CVE-2023-21134
• CVE-2023-21140
• CVE-2023-21142
• CVE-2023-21264
• CVE-2023-21267
• CVE-2023-21268
• CVE-2023-21269
• CVE-2023-21270
• CVE-2023-21271
• CVE-2023-21272
• CVE-2023-21273
• CVE-2023-21274
• CVE-2023-21275
• CVE-2023-21276
• CVE-2023-21277
• CVE-2023-21278
• CVE-2023-21279
• CVE-2023-21280
• CVE-2023-21281
• CVE-2023-21282
• CVE-2023-21283
• CVE-2023-21284
• CVE-2023-21285
• CVE-2023-21286
• CVE-2023-21287
• CVE-2023-21288
• CVE-2023-21289
• CVE-2023-21290
• CVE-2023-21292
• CVE-2023-21626
• CVE-2023-22666
• CVE-2023-21285
• CVE-2023-21286
• CVE-2023-21287
• CVE-2023-21288
• CVE-2023-21289
• CVE-2023-21290
• CVE-2023-21292
• CVE-2023-21626
• CVE-2023-22666
• CVE-2023-28537
• CVE-2023-28555

Affected Android versions

The vulnerabilities affect Android versions 10, 11, 12, 12L, and 13, according to CERT-In. They are brought on by bugs in the Qualcomm closed-source components as well as the Framework, Android Runtime, System Component, Google Play system updates, Kernel, Arm, MediaTe, and components.

What is the risk?

These flaws, if taken advantage of by hackers, might allow them to:

• Increase your device’s privileges.
• Gain access to private information including passwords, pictures, and financial information.
• Create denial-of-service situations that render the device useless.
• Put harmful software on the target device.

Tips for safeguarding your Android smartphone

CERT-In advises users to upgrade their Android smartphones as soon as possible to the most recent security updates in order to reduce these risks and keep their devices secure. Notably, Google has already made available the security updates that address these flaws. For further information, users should see “Android Security Bulletin-August 2023.”

For an Android phone update:

• Access the device’s settings.
• Click System.
• Click “System updates.”
• Click Download and install if an update is available.
• To finish the update, adhere to the instructions displayed on screen.

Here are some further suggestions to guard your devices from such weaknesses and vulnerabilities in addition to the update:

• Only download applications from reliable sources.
• Scanning your smartphone using a security app to check for infection.
• Only open attachments and emails coming from reputable senders.
• Set up two-factor authentication in applications and on your smartphone, and use secure passwords.
• Regularly backup your data. You’ll need to be able to recover your data if your device is lost or stolen.