The Indian Computer Emergency Response Team (CERT-In), overseen by the Ministry of Electronics and Information Technology (MeitY), has issued a significant advisory for users of iPhones and iPads, zoom rooms client and microsoft edge cautioning them about potential vulnerabilities that may be exploited by malicious actors.
Multiple Vulnerabilities have been reported in Zoom Rooms Client which could allow an authenticated attacked to cause a denial- of- service (DOS) condition on the targeted system.
| Description | Software Affected | Solution |
| These vulnerabilities exist in Zoom Rooms client due to a race condition and improper access control.
Successful exploitation of These vulnerabilities could allow an authenticated attacker to cause a denial – of – service (DOS) condition on the targeted system. |
Zoom Rooms Client for Windows before version 5.17.5 | Apply appropriate software updates as mentioned in the Zoom Security updates. |
Multiple Vulnerabilities have been reported in Microsoft Edge which could allow a remote attacker to execute arbitrary code and bypass security restriction and obtain sensitive information on the targeted system.
| Description | Software Affected | Solution |
|
Microsoft Edge Stable version prior to 122.0.2365.92 | Apply appropriate software updates as mentioned by the vendor. |
Multiple vulnerabilities have been reported in Apple Safari which could allow an attacker to bypass security restrictions, gain sensitive information or denial-of-service (DOS) condition on the targeted system.
Additionally, CERT-In has extended its alert to encompass other Apple products such as the Safari browser, Vision Pro, MacBooks, and Apple Watches, emphasizing the importance of vigilance across various devices.
| Description | Software Affected | Solution |
| These vulnerabilities exist in Apple Safari due to a state issue in Safari Private Browsing feature, improper processing of web contents, exfiltration of audio-data cross- origin, improper enforcement of content security policy, and fingerprinting of the user by processing of maliciously crafted webpage, in WebKit components.
Successful exploitation of these vulnerabilities could allow an attacker to bypass security restrictions , gain sensitive information or denial-of-service (DOS) condition on the targeted system. |
Apple Safari Versions prior to 17.4 | Apply appropriate software updates as mentioned in the Apple Security Updates. |
In essence, the high severity warning issued by CERT-In serves as a wake-up call underscoring the critical importance of remaining vigilant in an increasingly interconnected digital landscape. By heeding this advisory and implementing recommended security measures, users can fortify their defenses and mitigate the risks posed by these vulnerabilities, ensuring the continued safety and functionality of their devices.
