android:  ​​Government issues ‘high-risk’ warning for these Android smartphone users - Times of India

android: ​​Government issues ‘high-risk’ warning for these Android smartphone users – Times of India

[ad_1]

The Indian Computer Emergency Response Team (CERT} under the IT ministry has issued a new warning for Android operating system users. The high severity warning is for users of Android 10, Android 11 and Android 12. As per the advisory, multiple vulnerabilities have been reported in the operating system which can be exploited by someone to obtain sensitive information, gain elevated privileges and cause denial of services on the targeted system.
The advisory further reveals that “these vulnerabilities exist in the Android OS due to flaws in Android runtime, Framework Component, Media Framework, Kernel, MediaTek, Qualcomm components, Qualcomm closed source components and System.” As per the advisory, successful exploitation of these vulnerabilities could allow the attacker to obtain sensitive information, gain elevated privileges and cause denial of services on the targeted system.
Google has already acknowledged these vulnerabilities in the Android OS and rolled out a security patch earlier this month. According to the recent Android Security Bulletin security patch levels of 2022-03-05 or later address all of these issues.
According to the company, the most severe of these issues is a critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.
Apart from this, CERT-In has also issued a warning for Google Chrome users. As per the warning, various vulnerabilities have been reported in the Chrome browser which could allow a remote attacker to execute arbitrary code, bypass security restrictions or cause denial of service conditions on the targeted system.



[ad_2]

Source link

Leave a Comment

Your email address will not be published.