Government warns macOS, iOS, ChromeOS users of severe security threats
Users of macOS, iPadOS, iOS, and ChromeOS, beware, says the Indian government's Computer Emergency Response Team (CERT-In). Multiple high-severity vulnerabilities in these operating systems that could be exploited by remote attackers have been reported by CERT-In. The agency has recommended users of these operating systems to keep their devices updated to the latest versions. Mozilla Firefox browser has similar security flaws as well.
- The CERT-In report about security flaws in some of the most popular operating systems is a worrying one.
- Apple and Google have already released updates for these flaws and updating your device's software to the latest version is a must.
- Concerted action by tech companies and agencies like CERT-In is necessary to protect sensitive user information.
Users running macOS Catalina with a security patch prior to 2022-055 and Big Sur and Monterey versions before 11.6.8 and 12.5, respectively, are at risk. Similarly, iOS or iPadOS prior to 15.6 are also vulnerable. The vulnerabilities can be exploited by attackers remotely. If they persuade the user to visit a malicious website, they can execute an arbitrary code to bypass security restrictions.
As per the report, the macOS vulnerabilities are caused by out-of-bounds read in AppleScript, SMB and Kernel, out-of-bounds write in Audio, ICU, PS Normalizer, GPU Drivers, SMB, and WebKit. Along with that, authorizations issues in AppleMobileFileIntegrity, and information disclosure in the Calendar and iCloud Photo Library were found. Apple Watches running on watchOS version prior to 8.7 are also vulnerable, said CERT-In.
The vulnerabilities on ChromeOS can be exploited by attackers to gain access to sensitive information. The flaws exist in ChromeOS LTS channel versions before 96.0.4664.215. Some of the reasons for the vulnerabilities are out-of-bounds in the compositing content, incorrect implementation in Extension API, and use-after-free error within the Blink XSLT component. Hackers can trigger these issues by sending a special request to targeted systems.
The CERT-In has included Mozilla Firefox in the vulnerable list. Firefox versions older than 103, ESR versions older than 102.1 and 91.12 have security flaws. Similar to ChromeOS, hackers can use loopholes to gain access to sensitive information.