2022-06-14

If you are an Android user, you need to download the latest software updates immediately. Android has released patches for a total of 40 vulnerabilities in its Operating System (OS) which leave the user's device open to a wide range of cyber attacks.

According to an advisory issued by CERT-In on Monday, these vulnerabilities exist in various components of the Android OS and could be exploited by hackers to gain unauthorised access to the target devices.

“Successful exploitation of these vulnerabilities could allow the hacker to execute arbitrary code, gain elevated privileges, gain access to sensitive information and cause Denial of Service (DoS) condition on the targeted system,” the advisory stated.

Execution of arbitrary code is technical jargon for a hacker being able to run any program they want on the hacked device once they have access to it, while elevated privileges refers to the hacker gaining the ability to make any changes to the device settings. A DoS condition means that, by successfully exploiting one or more of these vulnerabilities, hackers could cause some or all services on the device to shut down, literally denying its service to its authorised user.

While CERT-In has collectively assigned a 'high' severity rating to all 40 vulnerabilities, Android itself has acknowledged all of them and assigned a 'Critical' rating to some of them. A 'Critical' rating is the highest one that can be assigned to a vulnerability, indicating the most serious threat to the system or device. In its official update published on its website, Android has rated five of the 40 vulnerabilities as 'Critical'.

Android's update states that the Critical vulnerabilities in the list could lead to a hacker being able to execute their code remotely on the hacked device “with no additional execution privileges needed”, which means that once the hacker is inside the device using these five vulnerabilities, they do not need to do anything else to tamper with the system.

All 40 vulnerabilities have also been assigned individual CVE numbers, which is another official acknowledgement of their existence. CVE stands for Common Vulnerabilities and Exposures, and once assigned, the vulnerabilities are referred to by their CVE numbers.

Android has released patches for all the vulnerabilities, which are part of its automatic software updates. Every tech manufacturer routinely releases patches for bugs in its system in this manner, which is why it is important to either keep the auto-update feature turned on or check for updates at least once a day.