The Indian Computer Emergency Response Team (CERT-In), India’s cybersecurity agency, has issued a critical advisory for Android smartphones. The advisory highlights severe security vulnerabilities found in devices running newer Android versions. These vulnerabilities, registered under unique CVE identifiers, are categorized as high-security risks, meaning that if unaddressed, they could be exploited by hackers to attack phones.
These issues affect Android 13, Android 14, Android 15, and Android 16. The agency revealed that the flaws exist within several components of the Android operating system, including the framework, Android runtime, system, Widevine DRM, Project Mainline, kernel, Qualcomm, MediaTek, and other components. The widespread nature of the problem across multiple layers significantly increases the potential for harm.
If successfully exploited, these vulnerabilities could allow hackers to steal phone data, crash devices, execute arbitrary code, or gain complete control of the system. In simpler terms, your smartphone and the personal information it contains could become completely insecure.
Google has released a security patch to address these vulnerabilities. However, Google cannot directly deliver the update to all users, as smartphone manufacturers like Samsung (One UI), OnePlus (OxygenOS), and Xiaomi (HyperOS) roll out updates with their custom skins. Therefore, these companies are responsible for promptly delivering the patch to users.
If a new security update is available for your phone, it is crucial to install it immediately. Updating will keep your phone secure and protect it from cyberattacks. The government’s warning emphasizes that failing to update your device promptly could make it a target for hackers.
