The Indian Computer Emergency Response Team (CERT-In) released vulnerability notes for commonly used software, detailing security bugs that could be exploited by cybercriminals to compromise the security of affected systems. Over the week, vulnerability notes were released for software from Microsoft, Google, Apple, and Samsung.
A security bug that could allow attackers to execute arbitrary code on targeted devices was detected in Apple’s iOS, affecting versions before iOS 15.1.
The vulnerability was found to exist due to a type confusion flaw in the WebKit component and could be exploited by enticing victims to visit a maliciously crafted website. Apple released an update fixing the vulnerability and advised users to update their software since the vulnerability was being actively exploited in the wild.
The security bug affected software on iPhones, iPads, and iPod touch.
Microsoft Edge (Chromium based)
Multiple high-severity security bugs were reported in Microsoft’s Edge (Chromium-based) browser.
The security bugs could be exploited by remote threat actors to gain elevated privileges and bypass security restrictions on targeted systems by escaping the browser’s sandbox, which is used to run web applications in isolation so that malware is unable to infect other areas of the system.
Microsoft has released updates fixing the security bugs which could be exploited by enticing users to click on a maliciously crafted URL.
High-severity security bugs were detected in Google Chrome versions for Windows and Linux. The bugs could be exploited by remote cyber attackers to execute arbitrary code, compromise the security of the system and gain elevated privileges.
The bugs were found to exist due to a use-after-free flaw in WebTransport and a type confusion error in the ServiceWorker API.
Threat actors could exploit the bug by persuading Chrome users to visit maliciously crafted web pages. Cybercriminals could also exploit the security bug to access sensitive information on targeted systems.
Google has released a stable channel update for desktop users, which will roll out over the coming days, the company shared in a blog post.
Samsung Galaxy Store App
Multiple high-severity vulnerabilities were reported in the Samsung Galaxy Store App, which could be exploited by attackers to install unwanted apps and execute arbitrary code on targeted devices.
The security bugs were found to exist due to a flow activity that did not handle incoming commands in a safe manner, and due to an incorrectly configured filter in webview.
The vulnerabilities could be exploited by threat actors by sending specially crafted requests or by enticing users to tap on malicious hyperlinks in Google Chrome or pre-installed rogue applications.
Successful exploitation of the bugs could allow attackers to install malicious apps on users’ devices without their knowledge or execute arbitrary code, thereby compromising the security of affected devices.
Samsung released an updated version of the Galaxy Store App, and users are advised to install the latest version to avoid exploitation.