High-severity security bugs were reported in some versions of Apple’s macOS, Google Chrome and Microsoft Edge browsers. India’s Computer Emergency Response Team released vulnerability notes recommending users update their devices to the latest software versions.
Apple’s macOS
Multiple high-severity security bugs were detected in macOS that could allow attackers to gain elevated privileges, execute arbitrary codes, disclose sensitive information, and bypass security restrictions.
(For insights on emerging themes at the intersection of technology, business and policy, subscribe to our tech newsletter Today’s Cache.)
Security bugs could also be exploited to cause a denial of services on targeted systems.
Apple in its security updates shared that apps could exploit bugs to modify protected parts of the file system, disclose user information using maliciously crafted audio files, and access private information by accessing root privileges.
The bugs were reported to exist due to problems in various components of Apple’s macOS Ventura, Big Sur, and Monterey.
Google Chrome
A security bug being exploited in the wild was reported in Chrome for Mac, Linux and Windows.
The security bug could allow a remote attacker to execute arbitrary code on targeted systems by sending a specially crafted request.
The bug was found to exist in Chrome due to a type of confusion error in the V8 engine of the browser.
CERT-In, in its vulnerability notes, requested users to urgently apply security patches released by Google.
Microsoft Edge
Security bugs in Microsoft Edge that could allow a remote attacker to execute arbitrary code are being exploited in the wild.
According to vulnerability notes released by CERT-In, the bugs in Edge (Chromium-based) exist due to a type of confusion error in the V8 engine of the browser.
The security bug could be exploited by attackers by sending a specially crafted request on targeted systems.
Microsoft in its security updates shared that the bug exists because “Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability”.