Government issues multiple high-severity warnings for Apple, Microsoft Edge and Zoom

The Indian Computer Emergency Response Team (CERT-In), overseen by the Ministry of Electronics and Information Technology (MeitY), has issued a significant advisory for users of iPhones and iPads, the Zoom Rooms Client and Microsoft Edge, cautioning them about potential vulnerabilities that may be exploited by malicious actors.

Multiple vulnerabilities have been reported in Zoom Rooms Client which could allow an authenticated attacker to cause a denial-of-service (DoS) condition on the targeted system.

Description: These vulnerabilities exist in Zoom Rooms Client due to a race condition and improper access control. Successful exploitation of these vulnerabilities could allow an authenticated attacker to cause a denial-of-service (DoS) condition on the targeted system.

Software affected: Zoom Rooms Client for Windows before version 5.17.5

Solution: Apply appropriate software updates as mentioned in the Zoom security updates.

Multiple vulnerabilities have been reported in Microsoft Edge which could allow a remote attacker to execute arbitrary code, bypass security restrictions and obtain sensitive information on the targeted system.

Description:
  • Remote code execution vulnerability
    This vulnerability exists in Microsoft Edge (Chromium-based) due to a use after free in Performance Manager. A remote attacker could exploit this vulnerability by enticing a user to visit a specially crafted website. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the target system.
  • Security restriction bypass vulnerabilities
    These vulnerabilities exist in Microsoft Edge (Chromium-based). A remote attacker could exploit these vulnerabilities by enticing a user to visit a specially crafted website in order to bypass content security policy (CSP) and the pop-up blocker, with impact on integrity and confidentiality. Successful exploitation of these vulnerabilities could allow a remote attacker to bypass security restrictions on the targeted system.

Software affected: Microsoft Edge Stable versions prior to 122.0.2365.92

Solution: Apply appropriate software updates as mentioned by the vendor.

Multiple vulnerabilities have been reported in Apple Safari which could allow an attacker to bypass security restrictions, gain sensitive information or cause a denial-of-service (DoS) condition on the targeted system.

Additionally, CERT-In has extended its alert to encompass other Apple products such as the Safari browser, Vision Pro, MacBooks, and Apple Watches, emphasizing the importance of vigilance across various devices.

Description: These vulnerabilities exist in Apple Safari due to a state issue in the Safari Private Browsing feature, improper processing of web content, cross-origin exfiltration of audio data, improper enforcement of content security policy, and fingerprinting of the user through processing of a maliciously crafted webpage, in WebKit components. Successful exploitation of these vulnerabilities could allow an attacker to bypass security restrictions, gain sensitive information or cause a denial-of-service (DoS) condition on the targeted system.

Software affected: Apple Safari versions prior to 17.4

Solution: Apply appropriate software updates as mentioned in the Apple security updates.

In essence, the high severity warning issued by CERT-In serves as a wake-up call underscoring the critical importance of remaining vigilant in an increasingly interconnected digital landscape. By heeding this advisory and implementing recommended security measures, users can fortify their defenses and mitigate the risks posed by these vulnerabilities, ensuring the continued safety and functionality of their devices.
