The Indian government’s official IT security organisation CERT-In (Computer Emergency Response Team) has issued a warning about vulnerabilities in the Apple software ecosystem, Windows OS, and Android mobile OS. The vulnerabilities, if left unaddressed, could be used by hackers to gain remote access to your devices. To prevent this, the government advises users to update their iPhone, iPad, Windows laptop/PC, and Android mobile phone to the latest version available. Apple and Google have already released software patches to fix these issues, while Microsoft has confirmed that the Windows vulnerability hasn’t been exploited so far.
iPhone and iPad vulnerability
CERT-In has said in a statement that Apple’s iPadOS and iOS are vulnerable to a zero-day memory corruption issue, which is being actively exploited in the wild. The memory corruption issue affects all iPhone 6s and later, iPad Pro (all models), iPad Air 2 and iPad 5th generation and later models, iPad mini 4 and later models, and iPod touch (7th generation). Apple has released iOS 14.7.1 and iPadOS 14.7.1 for these devices, which fix this bug. Not updating to the latest software versions may allow attackers with kernel privileges to execute arbitrary code and gain elevated privileges on a targeted system, added CERT-In.
If your iPhone or iPad is not yet updated to the latest software version, you can update it by going to Settings > General > Software Update and manually checking for an update to install.
For Android mobile phone users, CERT-In has issued a security alert for the Signal application. Per the organisation, the app is vulnerable to sending random images along with the intended ones to the recipient. Signal claims that the issue has been fixed with the latest update. You can head to the Google Play Store to download Signal Version 5.17.3 for Android to prevent any privacy breach.
The cybersecurity agency has reported that the Windows OS has a vulnerability that could allow a local attacker to gain elevated privileges on the targeted system. This is also said to allow attackers to exploit other security weaknesses on the vulnerable system, such as extracting and leveraging account password hashes and discovering original installation passwords.
The issue affects Windows 10 Versions 1809, 1909, 2004, 20H2 and 21H1 (each for 32-bit, ARM64-based and x64-based systems), Windows Server 2019, Windows Server 2019 (server core installation) and Windows Server, version 2004 (server core installation). Microsoft has registered this vulnerability, which the organisation rates high, as CVE-2021-36934. The company is likely to roll out the update for the bug soon.