untitled design

Indian government sounds alarm: Windows, Android, iPhone and iPad have active vulnerabilities that are “currently being exploited”

The Indian government has issued a warning about vulnerabilities in Apple’s software ecosystem, Windows OS and Android mobile OS.

Indian government sounds alarm: Windows, Android, iPhone and iPad have active vulnerabilities that are “currently being exploited”

According to the CERT-In (Computer Emergency Response Team), the official information security division, these vulnerabilities, if not eliminated, could be exploited by hackers to gain remote access to devices.

The organization advises users to update their iPhones, iPads, Windows laptops and desktops, and Android smartphones to the latest version available. Apple and Google have already released software fixes, and Microsoft said the vulnerability has not yet been exploited.

CERT-In said in a statement that the operating system for the iPad and iPad has a zero-day memory corruption vulnerability that is actively exploited by attackers to gain elevated privileges on the system. This issue affects all iPhones starting with the iPhone 6s, iPad Pro (all models), iPad Air 2 and iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). Apple has released iOS 14.7.1 and iPadOS 14.7.1 fixes for this bug.

Android CERT-In warns users of a pitfall in Signal applications. According to the organization, the application is vulnerable to sending random images other than the selected ones to the recipient, thus violating the sender’s confidentiality. Signal claims the issue was fixed in the latest update – Signal Version 5.17.3 for Android.

With regard to Windows, the Indian government is concerned about a vulnerability that could allow an attacker to gain elevated privileges on the system. The issue affects many variations of Windows 10 from version 1809 to the newest 21H1 and server versions. Microsoft has already reported the vulnerability, which has been rated High Severity and has been identified as CVE-2021-36934. The company is just preparing to release an update to fix the error, but notes that the vulnerability in real life was not exploited by cybercriminals.

.
Source Link

You may also like

Get the latest

Stay Informed: Get the Latest Updates and Insights

 

Most popular