The Ministry of Electronics and Information Technology’s Indian Computer Emergency Response Team (CERT-In) has identified several high-severity vulnerabilities in Apple’s iOS, iPadOS, and macOS, along with Google’s ChromeOS and Mozilla’s Firefox internet browser. iOS runs on iPhone models, iPadOS on iPads, and macOS on Mac machines. According to CERT-In, these vulnerabilities could allow an attacker to circumvent security measures, leading to denial-of-service (DoS) attacks that render the affected devices inoperable.
Machines running macOS Catalina with security updates before 2022-005, macOS Big Sur versions prior to 11.6.8, and macOS Monterey versions before 12.5 are particularly susceptible, as indicated by CERT-In. Exploiting these vulnerabilities involves convincing a user to visit a malicious website, allowing a remote attacker to execute arbitrary code, bypass security protocols, and induce DoS conditions on the targeted system.
The macOS vulnerabilities stem from out-of-bounds reads in AppleScript, SMB, and Kernel, as well as out-of-bounds writes in Audio, ICU, PS Normalizer, GPU Drivers, SMB, and WebKit. Authorization issues were identified in AppleMobileFileIntegrity, and information disclosure issues in Calendar and iCloud Photo Library.
Similar vulnerabilities affect iOS and iPadOS versions before 15.6, involving out-of-bounds writes in Audio, ICU, GPU Drivers, and WebKit, out-of-bounds reads in ImageIO and Kernel, and authorization issues in AppleMobileFileIntegrity, among others.
Mozilla Firefox versions before 103, and ESR versions before 102.1 and 91.12, are susceptible to memory safety bugs within the browser engine, a preload cache bypass of subresource integrity, and the leakage of cross-site resource redirect information when using the Performance API.
Google ChromeOS, in LTS channel versions before 96.0.4664.215, is affected by vulnerabilities such as an out-of-bounds read in the compositing component, an incorrect implementation in the Extension API, and a use-after-free error within the Blink XSLT component.
CERT-In advises users to mitigate these vulnerabilities by promptly installing software updates for the respective operating systems and Mozilla Firefox.