Bug fixes this week | Vulnerabilities in Apple, Microsoft, Google, and Samsung products fixed 

Multiple high-severity security bugs were detected in Apple iOS, Microsoft Edge, Google Chrome, and the Samsung Galaxy Store app by CERT-In

January 28, 2023 03:55 pm | Updated 03:55 pm IST

CERT-In released vulnerability notes for Microsoft, Google, Apple, and Samsung software. | Photo Credit: Reuters

The Indian Computer Emergency Response Team (CERT-In) released vulnerability notes for commonly used software, detailing security bugs that could be exploited by cybercriminals to compromise the security of affected systems. Over the week, vulnerability notes were released for software from Microsoft, Google, Apple, and Samsung.

Apple iOS

A security bug that could allow attackers to execute arbitrary code on targeted devices was detected in Apple’s iOS, affecting versions before iOS 15.1.

The vulnerability was found to exist due to a type confusion flaw in the WebKit component and could be exploited by enticing victims to visit a maliciously crafted website. Apple released an update fixing the vulnerability and advised users to update their software since the vulnerability was being actively exploited in the wild.

The security bug affected software on iPhones, iPads, and iPod touch.

Microsoft Edge (Chromium based)

Multiple high-severity security bugs were reported in Microsoft’s Edge (Chromium-based) browser.

The security bugs could be exploited by remote threat actors to gain elevated privileges and bypass security restrictions on targeted systems by escaping the browser’s sandbox, which is used to run web applications in isolation to ensure malware is unable to infect other areas of the system.

Microsoft has released updates fixing the security bugs, which could be exploited by enticing users to click on a maliciously crafted URL.

Google Chrome

High-severity security bugs were detected in Google Chrome versions for Windows and Linux. The bugs could be exploited by remote cyber attackers to execute arbitrary code, compromise the security of the system and gain elevated privileges.

The bugs were found to exist due to a use-after-free flaw in WebTransport and a type confusion error in the ServiceWorker API.

Threat actors could exploit the bug by persuading Chrome users to visit maliciously crafted web pages. Cybercriminals could also exploit the security bug to access sensitive information on targeted systems.

Google has released a stable channel update for desktop users, which will roll out over the coming days, the company shared in a blog post.

Samsung Galaxy Store App

Multiple vulnerabilities with a high severity rating were reported in the Samsung Galaxy Store App, which could be exploited by attackers to install unwanted apps and execute arbitrary code on targeted devices.

The security bugs were found to exist due to a flow activity that did not handle incoming commands in a safe manner, and due to an incorrectly configured filter in webview.

The vulnerabilities could be exploited by threat actors by sending specially crafted requests or by enticing users to tap on malicious hyperlinks in Google Chrome or pre-installed rogue applications.

Successful exploitation of the bugs could allow attackers to install malicious apps on users’ devices without their knowledge or execute arbitrary code, thereby compromising the security of affected devices.

Samsung released an updated version of the Galaxy Store App, and users are advised to install the latest version to avoid exploitation.
