In a recent advisory, the Indian Computer Emergency Response Team (CERT-In) cautioned users of various software platforms about multiple vulnerabilities that could compromise sensitive information and system integrity. The advisory from CERT-In, which comes under the Ministry of Electronics & Information Technology, highlights significant risks associated with the Android operating system, Google Chrome browser, and Mozilla Firefox.
According to CERT-In's warning, several versions of the Android operating system, including Android 12, 12L, 13, and 14, have been identified as being susceptible to exploitation. The vulnerabilities stem from flaws in various components such as the Framework, System, MediaTek components, Widevine, Qualcomm components, and Qualcomm closed-source components. If successfully exploited, these vulnerabilities could allow attackers to obtain sensitive information, gain elevated privileges, and potentially cause denial-of-service conditions on targeted systems.
CERT-In also issued advisories concerning vulnerabilities found in Google Chrome, particularly affecting versions prior to 123.0.6312.105/.106/.107 for Windows and Mac, and versions prior to 123.0.6312.105 for Linux. The identified vulnerabilities in Google Chrome could enable remote attackers to trigger Denial of Service (DoS) conditions, disclose sensitive information, and execute arbitrary code on affected systems. The vulnerabilities are attributed to inappropriate implementations in V8, use after free in Bookmarks, and out-of-bounds memory access in V8. Attackers could exploit these vulnerabilities by sending specially crafted requests to targeted systems.
Furthermore, CERT-In highlighted vulnerabilities in Mozilla Firefox versions prior to 124.0.1 and Mozilla Firefox ESR versions before 115.9.1. These vulnerabilities in Mozilla Firefox are attributed to out-of-bounds access via Range Analysis bypass and Privileged JavaScript Execution via Event Handlers. Exploitation of these vulnerabilities could lead to unauthorized access and manipulation of sensitive data.
To mitigate the risks associated with these vulnerabilities, CERT-In strongly advises users to apply appropriate updates as soon as they become available. Regularly updating software ensures that patches for known vulnerabilities are applied promptly, reducing the risk of exploitation by malicious actors.
In conclusion, the warnings issued by CERT-In underscore the critical importance of maintaining the security of software systems and staying vigilant against potential threats. By promptly applying updates and following best practices for cybersecurity, users can significantly enhance the resilience of their digital infrastructure against evolving threats.