The Indian Computer Emergency Response Team (CERT-In), which was appointed by the Ministry of Electronics and Information Technology, has discovered multiple high-severity vulnerabilities in Apple’s iOS, iPadOS, and macOS operating systems, as well as in Google’s ChromeOS and the Mozilla Firefox web browser.
iOS, iPadOS, and macOS are the operating systems for the iPhone, iPad, and Mac, respectively. The nodal agency says that these flaws can be used to bypass security measures and launch denial-of-service (DoS) attacks that render the devices useless.
According to CERT-In, Mac computers running earlier versions of macOS Catalina with security updates, macOS Big Sur versions, and macOS Monterey versions are vulnerable.
By convincing a victim to visit a malicious website, a remote attacker might take advantage of flaws in older versions of macOS, iOS, and iPadOS. A successful attacker could run arbitrary code, bypass security measures, and cause DoS conditions on the targeted system, among other things.
macOS is vulnerable to out-of-bounds reads in AppleScript, SMB, and the Kernel, as well as out-of-bounds writes in Audio, ICU, PS Normalizer, GPU Drivers, SMB, and WebKit. AppleMobileFileIntegrity has been determined to have authorization problems, and the Calendar and iCloud Photo Library both have information disclosure vulnerabilities.
Versions of iOS and iPadOS before 15.6 have been found to have comparable flaws. The macOS flaws include out-of-bounds reads and writes in ImageIO and the Kernel, authorization issues in AppleMobileFileIntegrity, and information disclosure in the Calendar and iCloud Photo Library, among others. They also include out-of-bounds writes in Audio, ICU, GPU Drivers, and WebKit.
Mozilla Firefox versions reported to be susceptible include 91.12, 103, and earlier ESR versions.
The vulnerabilities include preload cache bypasses that compromise subresource integrity, leaks of cross-site resource redirect information through the Performance API, and memory safety problems in the browser engine.
These weaknesses might let an attacker gain access to private data on the targeted system.
The security flaws in Google ChromeOS are almost identical to those in Firefox. Google ChromeOS LTS channel versions prior to 96.0.4664.215 are vulnerable owing to a use-after-free error in the Blink XSLT component, an out-of-bounds read in the compositing component, and an erroneous Extension API implementation, among other things.
Software updates can be used to address these vulnerabilities, according to CERT-In. It is recommended that users of these operating systems and Mozilla Firefox install the software updates as soon as they can.