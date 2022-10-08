CERT-In says that multiple vulnerabilities exist in Android OS that could be exploited by an attacker to gain elevated privileges, access sensitive information and cause denial of service conditions on the targeted phone.
Google has started releasing October security patches for Android OS and users are advised to install the update immediately. As per an advisory by the Indian Computer Emergency Response Team (CERT-In), multiple vulnerabilities exist in Android OS that could be exploited by an attacker to gain elevated privileges, access sensitive information and cause denial of service conditions on the targeted phone. Therefore, impacted Android users must update their devices as soon as they receive the October security patch.
The CERT-In advisory is dated October 6, 2022.
On October 3, 2022, Google published its Android security bulletin where it details security vulnerabilities affecting Android devices. Updated two days later on October 5, it says that security patch levels of 2022-10-05 or later address all of these issues. Devices with Android 10 and later may receive security updates as well as Google Play system updates, it further adds.
Which Android OS versions are affected?
The nodal cyber agency’s advisory comes with a high severity rating. According to it, five Android versions are impacted by this vulnerability. These are Android v10, Android v11, Android v12, Android v12L and Android v13.
The agency says that these vulnerabilities exist in Android operating system due to flaws in Framework, Media Framework, System, Kernel, Kernel components, Imagination technologies components, Medialek components, UNISOC components, Qualcomm components and Qualcomm closed-source components.
In another news, with 303 vulnerabilities and a cumulative total of 3,159 vulnerabilities as of 2022, Google Chrome has become the most vulnerable browser available. As per a new report by Atlas VPN, these figures are based on data from the VulDB vulnerability database, covering January 1, 2022 to October 5, 2022. As per the report, Google Chrome is the only browser with new vulnerabilities in the five days in October. Recent ones are CVE-202203318, CVE-2022-3314, CVE-2022-3311, CVE-2022-3309 and CVE-2022-3307. The CVE programme tracks security flaws and vulnerabilities across multiple platforms. The database does not list details for these flaws, but the report said they can lead to memory corruption on a computer.
