
CERT-In Detects Threats With High Severity In iPhone, iPad, Mac, ChromeOS and Firefox Browser | Digit


The Indian Computer Emergency Response Team (CERT-In), appointed by the Ministry of Electronics and Information Technology, has found several high-severity vulnerabilities in iOS, iPadOS, and macOS. It has also found vulnerabilities in Google’s ChromeOS and Mozilla’s Firefox browser. According to the agency, these vulnerabilities can be used to bypass security restrictions and cause denial-of-service (DoS) attacks on users, rendering their devices unusable.

Machines running macOS Catalina with a security patch prior to 2022-005, macOS Big Sur versions prior to 11.6.8, and macOS Monterey versions prior to 12.5 are at risk. These vulnerabilities, which are present in macOS as well as iOS and iPadOS, can be exploited by attackers remotely; all they need to do is persuade victims to visit a malicious website. The attacker can then execute arbitrary code, bypass security restrictions, and cause a DoS attack on the device.

The vulnerabilities in macOS exist due to out-of-bounds reads in AppleScript, SMB, and Kernel, and out-of-bounds writes in Audio, ICU, PS Normalizer, GPU Drivers, SMB, and WebKit. In addition, authorisation issues were found in AppleMobileFileIntegrity, and information disclosure issues in the Calendar and iCloud Photo Library.

Similar vulnerabilities have been found in iPadOS and iOS versions prior to 15.6 as well.

As for Mozilla Firefox, versions older than 103 and ESR versions older than 102.1 and 91.12 have been found to have security flaws. These flaws exist due to memory safety bugs in the browser engine, a preload cache that bypasses subresource integrity, and a leak of cross-site resource redirect information when using the Performance API, to name a few. Using these loopholes, attackers can gain access to sensitive information on targeted machines.

Google ChromeOS suffers from similar vulnerabilities to Firefox. They exist in Google ChromeOS LTS channel versions prior to 96.0.4664.215 due to an out-of-bounds read in the compositing component, an incorrect implementation in the Extension API, and a use-after-free error within the Blink XSLT component, to name a few.

According to CERT-In, these vulnerabilities can be fixed by installing software updates, and users of these operating systems and browsers should install the latest security updates as soon as they can.
