Android users, particularly those operating on version 14 and older, are facing a substantial risk of hacking, as warned by the Indian Computer Emergency Response Team (CERT-In). In their latest advisory accompanied by the Vulnerability Note (CIVN-2024-0008), CERT-In has identified critical vulnerabilities within the Android operating system. Exploitation of these vulnerabilities could result in unauthorized access, enabling attackers to pilfer sensitive information and seize complete control of the targeted device.

This high-risk vulnerability encompasses flaws in various core components of the Android ecosystem, spanning the Framework, System, Google Play system updates, and hardware components from different manufacturers. CERT-In's warning specifies that these vulnerabilities are attributed to issues in the Framework, System, and Google Play system updates, as well as components from Arm, Imagination Technologies, MediaTek, Unisoc, Qualcomm, and Qualcomm closed-source components.

The potential risks associated with these vulnerabilities are alarming, as successful exploitation could empower attackers with various malicious capabilities. This includes the theft of sensitive information such as passwords, contacts, emails, photos, and financial data. Furthermore, attackers could gain complete control over devices, enabling them to install malicious apps, monitor user activities, and even utilize compromised devices to launch attacks on others. Additionally, the vulnerabilities could lead to disruptive actions, such as crashing apps, draining device batteries, or causing permanent damage.

Devices running Android versions 11, 12, 12L, 13, or 14 are identified as potentially vulnerable. This encompasses a wide range of popular smartphones from manufacturers like Samsung, Google Pixel, OnePlus, Xiaomi, OPPO, and more.

The recommended solution from CERT-In to mitigate these risks is to promptly update Android devices. While manufacturers are releasing security patches to address these vulnerabilities, the timing of these updates may vary based on the manufacturer and specific device model. Users are urged to stay vigilant, keeping their devices up to date to safeguard against potential exploitation by malicious actors.