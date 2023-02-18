February 18, 2023 11:47 am | Updated 12:15 pm IST

During the week, the Indian Computer Emergency Response Team (CERT-In), released reports for security bugs affecting software including Apple’s iOS, iPadOS, and macOS, Microsoft’s Edge browser, Google Chrome, and Adobe products.

Apple iOS, iPadOS and macOS

Multiple high severity security bugs were reported in Apple software, affecting a major part of their product line-up. Affected software included iOS, iPadOS, and macOS Ventura.

Security bugs could be exploited by attackers to gain elevated privileges, execute arbitrary code, and gain access to sensitive information on targeted systems.

The security bugs in Apple software were found to exist due to a user after free in Kernel, improper handling of temporary files in Shortcuts, and type confusion in WebKit component.

Attackers could exploit these vulnerabilities by sending maliciously crafted content and trigger memory corruption errors on devices, CERT-In shared.

Apple has released updates fixing the security bugs.

Microsoft Edge

Security bugs rated in the medium category were detected in Microsoft Edge. These could be exploited by remote attackers to trigger Denial of Services (DOS), remote code execution, elevation of privileges, security restriction bypass, and the information disclosure conditions of affected systems.

The vulnerabilities were found to exist in Microsoft Edge and could be exploited by remote attackers by convincing users to open specially crafted content, CERT-In shared.

Microsoft released security updates fixing the bugs earlier this week.

Google Chrome

Multiple security bugs were reported in Google Chrome, which could be exploited by an attacker to execute arbitrary code and gain access to sensitive information on the targeted systems.

These vulnerabilities were found to exist due to Type Confusion, inappropriate implementation in full screen mode and download, out of read bounds in WebRTC, use after free in GPU, heap buffer overflow in Web UI, insufficient policy enforcement in developer tools, and integer overflow in core.

Remote attackers could exploit these security bugs by persuading a victim to visit a specially crafted web page, thereby compromising their security.

Google has released security updates fixing these bugs and users have been advised to update their systems to ensure their security.

Adobe products

High severity security bugs were detected in Adobe products in the Windows and macOS versions. The reported vulnerabilities could be exploited by an attacker to bypass security restrictions, execute arbitrary code, cause memory leaks2, and cause denial of services on targeted systems.

The security bugs in Adobe were found to exist due to out-of-bounds, read and write, improper input validation, improper access control, use after free, stack-based buffer overflow, heap-based buffer overflow, and access of memory location after end of buffer errors.

Over the week, Adobe released security updates fixing these security bugs and advised users to update their software.