Government warns macOS, iOS, ChromeOS users of severe security threats
CERT-In wants users of affected operating systems to update to latest versions (Photo credit: 9to5mac)

Aug 04, 2022
11:46 am

What's the story

Users of macOS, iPadOS, iOS, and ChromeOS, beware, says the Indian government's Computer Emergency Response Team (CERT-In). CERT-In has reported multiple high-severity vulnerabilities in these operating systems that could be exploited by remote attackers. The agency has recommended that users of these operating systems keep their devices updated to the latest versions. The Mozilla Firefox browser has similar security flaws as well.

Context

Why does this story matter?

The CERT-In report about security flaws in some of the most popular operating systems is a worrying one. Apple and Google have already released updates for these flaws, and updating your device's software to the latest version is a must. Concerted action by tech companies and agencies like CERT-In is necessary to protect sensitive user information.

Loophole

Attackers can execute arbitrary code if users visit malicious website

Users running macOS Catalina with a security patch prior to 2022-055, Big Sur versions before 11.6.8, or Monterey versions before 12.5 are at risk. Similarly, iOS and iPadOS versions prior to 15.6 are also vulnerable. The vulnerabilities can be exploited by attackers remotely. If they persuade the user to visit a malicious website, they can execute arbitrary code to bypass security restrictions.

Issues

Apple Watches are also vulnerable to attacks

As per the report, the macOS vulnerabilities are caused by out-of-bounds reads in AppleScript, SMB, and Kernel, and out-of-bounds writes in Audio, ICU, PS Normalizer, GPU Drivers, SMB, and WebKit. Along with that, authorization issues in AppleMobileFileIntegrity and information disclosure in the Calendar and iCloud Photo Library were found. Apple Watches running watchOS versions prior to 8.7 are also vulnerable, said CERT-In.

Flaws

Vulnerabilities in ChromeOS can be exploited by sending targeted request

The vulnerabilities in ChromeOS can be exploited by attackers to gain access to sensitive information. The flaws exist in ChromeOS LTS channel versions before 96.0.4664.215. Some of the reasons for the vulnerabilities are an out-of-bounds error in the compositing content, an incorrect implementation in the Extension API, and a use-after-free error within the Blink XSLT component. Hackers can trigger these issues by sending a special request to targeted systems.

Information

Mozilla Firefox has issues similar to ChromeOS

CERT-In has included Mozilla Firefox in the list of vulnerable software. Firefox versions older than 103 and ESR versions older than 102.1 and 91.12 have security flaws. Similar to ChromeOS, hackers can use loopholes to gain access to sensitive information.
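
The version floors quoted above apply per release line, so a single "newer than X" comparison misclassifies devices (Firefox ESR 91.13 is below 102.1 yet on a fixed line). The following is an added example, not part of the original article or the CERT-In advisory: a small inventory check built on the versions the article lists. The product keys, status labels, and sample hosts are assumptions made for illustration.

```python
# Fixed-version floors as quoted in the article, one entry per release line.
FIXED = {
    "macos":        {11: (11, 6, 8), 12: (12, 5)},      # Big Sur, Monterey
    "ios":          {15: (15, 6)},
    "ipados":       {15: (15, 6)},
    "watchos":      {8: (8, 7)},
    "chromeos-lts": {96: (96, 0, 4664, 215)},
    "firefox":      {103: (103,)},
    "firefox-esr":  {91: (91, 12), 102: (102, 1)},
}

def parse(version):
    """'11.6.8' -> (11, 6, 8); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in version.strip().split("."))

def status(product, version):
    """Return 'patched', 'vulnerable', 'manual-check' or 'unknown'."""
    lines = FIXED[product]
    v = parse(version)
    major = v[0]
    if product == "macos" and major == 10:
        # Catalina's fix is identified by a security update, not by the
        # version string, so the version alone cannot decide it.
        return "manual-check"
    if major in lines:
        floor = lines[major]
        width = max(len(v), len(floor))
        pad = lambda t: t + (0,) * (width - len(t))     # 12.5 == 12.5.0
        return "patched" if pad(v) >= pad(floor) else "vulnerable"
    if major > max(lines):
        return "patched"        # release line newer than every listed floor
    if major < min(lines):
        return "vulnerable"     # assumption: older lines received no fix
    return "unknown"            # line between listed ones; not in the article

def audit(inventory):
    """inventory: iterable of (host, product, version) tuples."""
    return [(h, p, ver, status(p, ver)) for h, p, ver in inventory]

# Constructed sample inventory (hostnames are made up).
SAMPLE = [
    ("mac-01", "macos", "11.6.7"),
    ("mac-02", "macos", "10.15.7"),
    ("kiosk-07", "chromeos-lts", "96.0.4664.214"),
    ("ws-114", "firefox-esr", "91.13.0"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```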