|CERT-In Vulnerability Note
Multiple Vulnerabilities in Android OS
Original Issue Date:September 14, 2021
Severity Rating: HIGH
- Google Android Versions 8.1, 9, 10, 11
Multiple vulnerabilities have been reported in Google Android which could be exploited by an attacker to execute arbitrary code, obtain sensitive information or gain elevated privileges on the targeted system.
These vulnerabilities exist in Google Android due to flaws in the Framework Component, Media Framework, System Component, Kernel Component, MediaTek components, Unisoc components, Qualcomm components and Qualcomm closed-sourcecomponents. These vulnerabilities could enable a local malicious application to bypass operating system protections that isolate application data from other applications and also bypass user interaction requirements to gain additional permissions; allows a local attacker to gain access to additional permissions using a specially crafted transmission. These may also allow a remote attacker to cause Denial of Service.
Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code to disclose potentially sensitive information; cause denial of service and gain elevated privileges on the targeted system.
Apply appropriate software updates as provided by various device manufacturers:
The information provided herein is on "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003