CERT-IN Flags Multiple Weak Spots in Android OS

The Indian Computer Emergency Response Team (CERT-IN) reported on Monday that Google Android has multiple vulnerabilities that could allow unauthorized access to sensitive information and lead to a denial of service on the target device.

CERT-IN released a vulnerability advisory a week after Google announced the security issue in the Android Security Bulletin. The affected software includes Android operating system versions 10, 11, 12, and 12L.

While issuing a high-security note the cyber security agency said, “ Multiple vulnerabilities have been reported in Google Android which could be exploited by an attacker to execute arbitrary code, gain elevated privileges, gain access to sensitive information and cause a denial of services (DoS) condition on the targeted system.”

These vulnerabilities exist in Google Android due to bugs in framework components, Media Framework components, Google Play system updates, kernel components, MediaTek components, Unisoc components, and Qualcomm closed source components, the agency said.

On June 6th, Google announced that it had discovered a security issue with its Android device. "The most serious of these problems is a critical vulnerability in system components that could allow remote code execution without the need for additional execute permissions," the technology giant added.