CERT-In issues warning of 'high severity' for users of Android 13 and other versions

For Android users, Computer Emergency Response Team (CERT-In) has issued a warning of 'high severity'. The warning is related to the discovery of multiple vulnerabilities within several versions of the Android operating system, including the most recent Android 13. The vulnerabilities identified by CERT-In can be exploited by attackers to gain control of vulnerable devices, steal sensitive information, or disrupt operations.

CERT-In operates under the Ministry of Electronics and Information Technology and aims to secure Indian cyber space and is responsible for addressing cybersecurity issues, including hacking and phishing.  

"Multiple vulnerabilities have been reported in Android which could be exploited by an attacker to obtain sensitive information, gain elevated privileges and cause denial of service on the targeted system," reads the official note.

Here is the list of all the vulnerabilities highlighted by CERT-In:

- CVE-2020-29374

- CVE-2022-34830

- CVE-2022-40510

- CVE-2023-20780

- CVE-2023-20965

- CVE-2023-21132

- CVE-2023-21133

- CVE-2023-21134

- CVE-2023-21140

- CVE-2023-21142

- CVE-2023-21264

- CVE-2023-21267

- CVE-2023-21268

- CVE-2023-21269

- CVE-2023-21270

- CVE-2023-21271

- CVE-2023-21272

- CVE-2023-21273

- CVE-2023-21274

- CVE-2023-21275

- CVE-2023-21276

- CVE-2023-21277

- CVE-2023-21278

- CVE-2023-21279

- CVE-2023-21280

- CVE-2023-21281

- CVE-2023-21282

- CVE-2023-21283

- CVE-2023-21284

- CVE-2023-21285

- CVE-2023-21286

- CVE-2023-21287

- CVE-2023-21288

- CVE-2023-21289

- CVE-2023-21290

- CVE-2023-21292

- CVE-2023-21626

- CVE-2023-22666

- CVE-2023-28537

- CVE-2023-28555

According to CERT-In the vulnerabilities affect Android versions 10, 11, 12, 12L, and 13. They are caused by flaws in the Framework, Android Runtime, System Component, Google Play system updates, Kernel, Arm components, MediaTek components and Qualcomm closed-source components.

If exploited by hackers these vulnerabilities could allow them to:

Gain elevated privileges on the device

Access sensitive information, such as passwords, photos, and financial data

Cause denial-of-service conditions, making the device unusable

Install malicious software on the device

How to protect your Android device

To keep your Android devices safe, CERT-In recommends that users update their devices to the latest security patches as soon as possible to mitigate these risks. Notably, Google has already released the security patches solving these vulnerabilities. Users can check 'Android Security Bulletin-August 2023' for details.