JOIN USCERT-In flags security vulnerabilities in Android phones, Chrome browser
Google has an enviable 70.78 per cent mobile OS market share compared to Apple iOS platform (28.6 per cent). As per the latest report, there are 3.5 billion active Android phones in the world. With such big user base, it attracts cyber criminals to prey on naive handset users.
With advancements in technology, bad actors are coming up with ingenious ways to look for security loopholes to trap unsuspecting phone users. In the latest instance, multiple vulnerabilities have been detected in Android phones (with v12, v12L, v13 and v14) and also in Chrome browser for PCs.
The issues have to be fixed as soon as possible, or else cyber criminals may exploit them to hack devices and steal information, reported Indian Computer Emergency Response Team (CERT-In)
These vulnerabilities exist in Android due to flaws in the Framework, System, MediaTek components, Widevine, Qualcomm, and Qualcomm closed-source components. Successful exploitation of these vulnerabilities could allow the attacker to obtain the sensitive information, gain elevated privileges and cause denial of service conditions on the targeted system.Indian Computer Emergency Response Team (CERT-In)
Google has acknowledged the issue and has rolled out the security patch to all eligible devices. Already, Pixel phones and tablets have received the 2024-04-01 security patch.
Here's how to check if your device has received the latest security patch:
Step 1: Open your device's Settings app
Step 2: Tap Security & privacy >> System & Updates.
--For security updates, tap Security Update.
--For Google Play system updates, tap Google Play system update.
Step 3: And, just follow the steps on the screen
For the Chrome browser too, Google has rolled out new firmware-- v123.0.6312.105/.106/.107 for Windows and Mac computers and v123.0.6312.105 for Linux-based PCs. As the roll-out process is being staged in phases, it will take a few days to reach all corners of the world.
In a related development, CERT-In earlier this week released an alert to Apple device owners of security issues.
Apple acknowledged security vulnerabilities and released a new iOS 17.4.1 with bug fixes and security updates to all eligible iPhones.
Initially, the Cupertino-based company did not disclose the security issues to avoid tipping off the hackers. Usually, owners, due to a lack of knowledge on emerging cyber threats and ignorance, take several days to update their devices.
Now, Apple has detailed the vulnerabilities in CoreMedia and WebRTC APIs of iOS.
"Processing an image (malicious) may lead to arbitrary code execution," Apple said in a short note on the issues. And, Apple thanked Nick Galloway of Google Project Zero for early detection of the vulnerability.
iPhone owners who still haven't updated their devices are requested to do so as soon as possible.
Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.
Deccan Herald is on WhatsApp Channels| Join now for Breaking News & Editor's Picks