The Indian Computer Emergency Response Team (CERT-In) has released a serious security alert impacting billions of Android smartphones worldwide. The advisory highlights multiple high-severity vulnerabilities across Android versions 13, 14, 15, and the upcoming Android 16. Users are strongly advised to update their devices immediately to the latest security patch to avoid potential cyber threats.
According to CERT-In, the flaws exist in key Android components such as Framework, Android Runtime, Kernel, Widevine DRM, Project Mainline modules, and hardware-related drivers from Qualcomm, MediaTek, Arm, and Imagination Technologies. These vulnerabilities could allow hackers to gain unauthorized access, steal personal data, escalate privileges, execute harmful code, or even cause complete denial-of-service (DoS) attacks on affected smartphones.
The agency emphasized that these security flaws have been registered under unique CVE identifiers and rated with “High” severity. If exploited, attackers can take remote control of devices, making it critical for users to install the latest patches without delay.
Google has already rolled out security patches addressing these vulnerabilities. However, the updates need to be pushed by smartphone manufacturers (OEMs) such as Samsung, Xiaomi, OnePlus, and others that use customized Android skins like One UI, HyperOS, and OxygenOS. Once OEMs apply Google’s security fixes to their frameworks, users will receive the update on their devices.
CERT-In has urged Android smartphone owners to check for pending software updates and install them immediately. The advisory also reminds users that failing to update leaves devices open to advanced cyberattacks, data theft, and system crashes.
With Android continuing to power billions of devices globally, staying updated with regular security patches remains the most effective defense against rising mobile cyber threats.