CERT-In Warns of Multiple Security Vulnerabilities Affecting Older iPhone, iPad Models: All You Need to Know

iPhone and iPad owners should update their devices to the latest available versions of iOS and iPadOS, especially older models that were not eligible to receive the latest version of iOS, according to CERT-In — or Indian Computer Emergency Response Team. The nodal security agency tasked with handling cybersecurity threats in the country recently issued a vulnerability note that warns of security flaws affecting some models running on iOS 16.7 or iPadOS 16.7 and older versions and asks users to update their devices.

In its vulnerability note CIVN-2023-0303 issued earlier in October, CERT-In has highlighted security flaws that affected older versions of iOS and iPadOS that were patched by the iPhone maker in an update released last month. According to the agency, the flaws affect versions before iOS 16.7.1 and iPadOS 16.7.1. The company rolled out iOS 17, the latest version of its mobile operating system, back in September. However, older models that were not eligible will remain on iOS 16 and receive occasional security updates.

CERT-In points to Apple’s support article that details the security issues patched by the company with the update to iOS 16.7.1 and iPadOS 16.7.1. With the recent update for older devices, Apple fixed a flaw causing improper validation in a kernel component on Apple’s operating system. The kernel is a core piece of software that has wide-ranging access and interfaces between the operating system and the device hardware. The flaw may have been actively exploited on older iOS versions, according to Apple. 

Similarly, the iOS 16.7.1 and iPadOS 16.7.1 update also patched a buffer overflow issue that was discovered in a WebRTC component (WebRTC is a real-time communication protocol used by several web services). According to the firm, a malicious user could gain elevated privileges on these operating systems and run nefarious code on a victim’s device.

Fortunately, it’s easy to protect yourself if you are running a slightly older iPhone or iPad. CERT-In points to Apple’s support page for the latest iOS 16.7.1 and iPadOS 16.7.1 updates and states that users can update their devices to the latest version to remain safe from the security vulnerabilities.

While CERT-In’s advisory covers the security vulnerabilities patched on iOS 16.7.1, Apple has since released iOS 16.7.2 alongside iOS 17.1. These updates arrived on October 25 with fixes for even more flaws related to various system components and apps like Safari, Siri, Find My, Weather, and the iOS kernel. 

Owners of the iPhone 8, iPad Air (3rd generation), iPad (5th generation), iPad mini (5th generation) and iPad Pro models that are running on iOS 16 can also manually check for an update on their smartphone or tablet.

How to download the latest iOS update

  1. Connect to a Wi-Fi network and charge your iPhone or iPad to more than 50 per cent.
  2. Tap on General > Software Update in the Settings app.
  3. Wait for the iOS 16.7.2 update to be listed, then tap on Update Now.
  4. Enter your phone’s passcode to begin the update process, and wait for your phone to reboot.



CERT-In Warns of Over 50 Security Flaws Affecting Android Smartphones: All You Need to Know

CERT-In — or Indian Computer Emergency Response Team — has warned of several security vulnerabilities affecting multiple versions of Android. These security flaws, if exploited by a malicious user, could be used to execute dangerous code, collect sensitive data, and launch a denial-of-service (DoS) attack on a victim. The security vulnerabilities affect three major versions of Android, across various parts of Google’s operating system (OS) — from the framework to components from Arm, MediaTek, Qualcomm, Unisoc, and others, according to the cybersecurity agency.

In a vulnerability note issued earlier this week, CERT-In lists out 51 security flaws affecting the Android OS. The nodal agency responsible for dealing with cybersecurity issues and threats has issued a critical severity rating for the vulnerability note. All the entries listed by CERT-In have been assigned a Common Vulnerabilities and Exposures (CVE) number.

According to CERT-In, these vulnerabilities affect Android 13, Android 12, Android 12L, and Android 11. It is currently unclear whether Android 14 is also affected as the source code for Android 14 was published a few days before the advisory was issued.

The 51 security flaws listed by CERT-In affect various parts of the Android operating system, including the Android framework, the Android system, and Google Play system updates. Meanwhile, software for components not directly controlled by Google, including those from Arm, MediaTek, Unisoc, and Qualcomm, is also affected by these vulnerabilities.

Attackers who exploit these flaws could potentially elevate their privileges on a target’s smartphone, execute arbitrary (and malicious) code, extract sensitive information, and even perform a denial-of-service (DoS) attack, according to CERT-In.

Two of these flaws — CVE-2023-4863 and CVE-2023-4211 — could be actively exploited by attackers, and users should apply security patches “urgently”, according to the agency. These flaws relate to the Chromium engine that powers Google’s browser, and GPU memory processing operations on Android, respectively.

Users running on Pixel smartphones can install the latest update that includes the October security patches. Unfortunately, users who own smartphones from other manufacturers will have to wait until a security update is released along with fixes for these security flaws. 

