—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Android OS

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

Android 14

Android 15

Android 16

Android 16-QPR2

Overview

Multiple vulnerabilities have been identified in Android which could be exploited by an attacker to execute arbitrary code causing denial of service, privilege escalation or disclosure sensitive information on the targeted system.

Target Audience:

All end-user organizations and individuals using Android.

Risk Assessment:

Risk of remote code execution, denial of service, privilege escalation and sensitive information disclosure.

Impact Assessment:

Potential compromise of system, service disruption and unauthorized access to sensitive information.

Description

Android is an open-source operating system primarily designed for mobile devices, including smart phones, tablets, smart watches, and other embedded system.

Multiple vulnerabilities exist in Android due to flaws in several components, including the Android Framework, Google, NXP components, STMicroelectronics and Thales components.

Successful exploitation of these vulnerabilities could allow a remote attacker to trigger remote code execution, denial of service condition, gain elevated privileges and obtain sensitive information on the targeted system.

Solution

Apply appropriate updates as mentioned by the vendor:

https://source.android.com/docs/security/bulletin/2026/2026-04-01

Vendor Information

Android

https://source.android.com/docs/security/bulletin/2026/2026-04-01

References

Android

https://source.android.com/docs/security/bulletin/2026/2026-04-01

CVE Name

CVE-2026-0049

CVE-2025-48651

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmnVIbUACgkQ3jCgcSdc

ys8I8w/9FnGfl/UztyFmKXn/QUr/CkFrLurPW7LZlVFlulNibE8iAA//hWAnnQx0

aKHi6BqFO/Ul6zUS/6u6zOa1D0wKFfv6J+TFfKgV3Q4wW6+fFEHGgYCN9ERquhX/

mN2fMG4nVai44adQPXEv3IApqNyNhhElkuWtCUSKvr7egjL+PvfzLVXEff8xfim9

JkjS3sJ7U6C76XFa2amwSVJWdBKPdPfWowgmnHTF8IJBD5MBb51eGKwRoxfVXEOm

FQ22Qf+ywKgQDEOgIe0L2Hk0TnpiiNpnxzCGODvfakxgiG5s+hK1tX95Sn8OoXYh

eY0RmzITjxMykzlf5MADjEf3X75u1b6/gCnqa9ZXnKDoa2NevC3IelSOoqsSSKOl

BwL/x+ZyUUV0Cc7O86GH/ftGvxQETmNKaD7rfvw4j5QaBt76AQiGV5kIKV4C1s+1

cIgzp+RFmF5lM6d/uyoffajeARm37UaZ93L/aKVZcVSYV61CmS3kYk4ZyjhtlD8t

oOhJyBXq6aa7lpbHg8CWm5n/is8llDhXcnURwOaLj1su3bJNiBUMhMov7UIoo63l

Q2WCIfTB9nuxYykF8OluvHSkUEiqKkXLScghRTiZlrf5r7RmnyJ2H2B58qCLMPxy

ggPbqzVko6vjnkC7FUWCFfHcm/G65uyer6G9kQjW0pPzJApsrns=

=dvlM

—–END PGP SIGNATURE—–