CERT-In Spots Security Bugs In Apple Safari, Google Chrome, Urges Updates

CERT-In Spots Security Bugs In Apple Safari, Google Chrome, Urges Updates

SUMMARY

The state-run cybersecurity agency has found multiple vulnerabilities in the two browsers

CERT-In had also issued a warning against Microsoft products including Microsoft Windows and Microsoft Office

Cyfirma has also warned that Chinese state-sponsored hacker groups could target Indian businesses

Computer Emergency Response Team-India (CERT-In) has advised users to update popular browsers Google Chrome and Apple Safari to avoid cyber attacks.

The state-run cybersecurity agency had issued two separate advisories this week marking them ‘High’ in terms of severity. For Apple Safari, CERT-In noted, “multiple vulnerabilities have been reported in Apple Safari which can be exploited by a remote attacker to execute arbitrary code, perform cross-site scripting attacks or cause URL Unicode encoding on a targeted system.”

It added that these vulnerabilities in Apple Safari’s version prior to 13.1.2 are due to various issues such as improper input validation, access restrictions, state management and memory handling.

Meanwhile, the vulnerabilities in Google Chrome could allow remote attackers to execute arbitrary code, bypass security restrictions, access sensitive information, contact spoofing attack and denial of service (DoS) attack on the targeted system, reported The Hindu.

CERT-In added that these vulnerabilities are due to heap buffer overflow, side-channel information leakage, type Confusion, inappropriate implementation in WebRTC, use after free, policy bypass, insufficient policy enforcement, incorrect security user interface and more.

A remote attacker can easily exploit these vulnerabilities in Google Chrome and Apple Safari by persuading a user to visit a specially crafted website.

On July 15, CERT-In had also issued a warning against Microsoft products — Microsoft Windows, Microsoft Office, Extended Security Updates, Developer Tools, Browser, System Center and Open Source Software. The cybersecurity agency added that these vulnerabilities can help attackers perform cross-site scripting (XSS) attacks, elevate privileges, obtain access to sensitive information.

India has been the second most cyber-attacked country between 2016 to 2018, according to a new Data Security Council of India (DSCI) report. But there has been a further increase in cybersecurity breaches due to Covid-19 pandemic and institutions going remote.

Last month, CERT-In warned the users against hackers that can steal their important personal and financial data. The malicious actors are claiming to have 2 Mn individual email addresses and the attack campaign was expected to start on June 21.

“It has been reported that malicious actors are planning a large scale phishing attack campaign against Indian individuals and businesses… The emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information,” the advisory said.

CERT-In further claimed that the phishing campaign is expected to be designed to impersonate government agencies, departments and trade associations who have been tasked to oversee the disbursement of the government aid. Meanwhile, cybersecurity research firm Cyfirma has also warned that Chinese state-sponsored hacker groups could target Indian businesses and government establishments.

Step up your startup journey with BHASKAR! From resources to networking, BHASKAR connects Indian innovators with everything they need to succeed. Join today to access a platform built for innovation, growth, and community.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

CERT-In Spots Security Bugs In Apple Safari, Google Chrome, Urges Updates-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

CERT-In Spots Security Bugs In Apple Safari, Google Chrome, Urges Updates-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

CERT-In Spots Security Bugs In Apple Safari, Google Chrome, Urges Updates-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

CERT-In Spots Security Bugs In Apple Safari, Google Chrome, Urges Updates-Inc42 Media
CERT-In Spots Security Bugs In Apple Safari, Google Chrome, Urges Updates-Inc42 Media
You’re in Good company