The World Opinion

Tag: Cert-In

  • CERT-In Issues ‘High Severity’ Alert For iOS Users After iPhone 16 India Launch; Here’s What You Should Do |

    Apple Users Alert! CERT-In, an Indian Computer Emergency Response Team, has issued a high severity alert for iOS, iPadOS and macOS users soon after the launch of the iPhone 16 in the Indian market.

    Notably, CERT-In is the cyber security watchdog under the Ministry of Electronics and Information Technology (MeitY). The alert indicates that Apple products are susceptible to vulnerabilities, which could enable attackers to access sensitive information.

    Adding further, these vulnerabilities may allow attackers to execute arbitrary code, bypass security restrictions, trigger denial of service (DoS) conditions, circumvent authentication, escalate privileges, and conduct spoofing attacks on the targeted system.

    List of Impacted Versions of Apple Products Likely to Be Vulnerable

    -Apple iOS versions prior to 18 and iPadOS versions prior to 18

    -Apple iOS versions prior to 17.7 and iPadOS versions prior to 17.7

    -Apple macOS Sonoma versions prior to 14.7

    -Apple macOS Ventura versions prior to 13.7

    -Apple macOS Sequoia versions prior to 15

    -Apple tvOS versions prior to 18

    – Apple watchOS versions prior to 11

    -Apple Safari versions prior to 18

    – Apple Xcode versions prior to 16

    -Apple visionOS versions prior to 2

    What Should Apple Users Do To Avoid Security Breach?

    CERT-In has reported that specific vulnerabilities in Apple software have been addressed in the latest updates across multiple platforms, including iOS, iPadOS, macOS, tvOS, watchOS, Safari, Xcode, and visionOS.

    Users should verify their current software version to determine if they are using an outdated version that may still be vulnerable.

    To update, navigate to the settings of your device and look for the software update option, then follow the prompts to download and install the latest software updates from Apple.

    After updating, users should regularly check for new updates to maintain security and protect their devices from potential vulnerabilities.

    CERT Advice To Apple Product Users

    Meanwhile, CERT-In has reported that the Cupertino-based tech giant has addressed the issues in its latest software updates. To mitigate vulnerabilities, users are advised to update their devices to the latest software versions. Earlier this month, CERT-In also issued a warning regarding vulnerabilities in the Google Chrome browser.

  • Beware Google Chrome Users! CERT-IN Issues Urgent Warning: Details Here |

    An urgent alert has been issued by The Indian Computer Emergency Response Team (CERT-IN) for Google Chrome users about serious new vulnerabilities. These issues known as CIVN-2024-0282 could allow remote attackers to gain authorized access to your computer.

    The flaws affect Chrome versions older than 128.0.6613.119/.120 on Windows and macOS, and versions prior to 128.0.6613.119 on Linux. It’s crucial to update your browser to the latest version to stay secure.

    The issues identified, marked as CVE-2024-8362 and CVE-2024-7970, involve “use after free” bugs in Chrome’s Web Audio component. These vulnerabilities give cybercriminals a chance to infiltrate your system and execute commands without your consent. This could allow attackers to take full control of your computer, potentially leading to data theft, malware installation, or further cyberattacks.

    CERT-IN has highlighted the seriousness of these vulnerabilities and warned that attackers could exploit them by luring users to malicious websites. This type of attack, called drive-by downloading, happens when simply visiting a compromised webpage can infect your system without any additional user action.

    Therefore, it’s important to be cautious about the websites you visit and the links you click, especially those from unknown or suspicious sources. Google, in response to these issues has released updates to fix the vulnerabilities. CERT-IN advises users to update their browsers to the latest version as soon as possible to ensure their security.

  • Security Alert for Google Chrome Users! Govt Issues High-Severity Warning; Here’s How to Stay Safe |

    New Delhi: Google Chrome users in India have received a high-security warning from the Cybersecurity watchdog Indian Computer Emergency Response Team (Cert-In). Amid multiple vulnerabilities discovered in Google Chrome. the government has ordered Indian users to update their browsers with the latest security update that Google rolled out earlier this month.

    Notably, Google Chrome users can update their browsers to version 127.0.6533.99/.100 (for Windows and Mac) and 127.0.6533.99 (for Linux) to prevent themselves from being affected by this security flaw.

    As per the latest security warning, Chrome users on desktops or PCs should exercise extreme caution when clicking on suspicious emails or downloading files from untrustworthy links.

    Recently, the cybersecurity agency also issued a warning for users using Android smartphones powered by Qualcomm and MediaTek chipsets. It noted that the impacted smartphones are operating on Android versions 12, 12L, 13, and 14.

    Furthermore, a “severe” warning was also issued to Apple users who own iPhones, iPads, Macs, and more regarding multiple vulnerabilities by the cybersecurity agency.

    Google has confirmed that the security update has already been released to stable users on Windows and Mac, while Linux users can expect to receive the update in the coming days or weeks.

  • CERT-In Finds Multiple Bugs in Microsoft Edge, Advises Users to Update |

    New Delhi: The Indian Computer Emergency Response Team (CERT-In), which comes under the Ministry of Electronics and Information Technology, on Monday, warned users of multiple vulnerabilities in Microsoft Edge (Chromium-based) which could allow an attacker to compromise the targeted system.

    The affected software includes Microsoft Edge Stable versions prior to 126.0.2592.68. “Multiple vulnerabilities have been reported in Microsoft Edge (Chromium-based) which could allow an attacker to compromise the targeted system,” said the CERT-In advisory.

    According to the cyber agency, these vulnerabilities exist in Microsoft Edge (Chromium-based) due to “type confusion in V8, inappropriate implementation in WebAssembly, out of bounds memory access in dawn and use after free in dawn”.

    An attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted webpage, the agency mentioned. CERT-In advised users to apply appropriate security updates as mentioned by the company.

    Meanwhile, CERT-In has joined hands with financial giant Mastercard to promote cooperation and information sharing in the area of ​​cybersecurity related to the financial sector.

    The two entities will leverage their shared expertise regarding the financial sector in the fields of cybersecurity incident response, capacity building, sharing cyber threat intelligence specific to the financial sector and advanced malware analysis.

  • Govt Issues Alert On Critical Vulnerability In TP-Link Router: Here’s How To Protect Your Device |

    New Delhi: The Indian Computer Emergency Response Team (CERT-In) has issued an urgent advisory about a critical flaw in TP-Link routers which is a widely used brand in India’s internet infrastructure. CERT-In is renowned for quickly identifying flaws in popular software and devices like Apple, Windows, Google Chrome and Mozilla has highlighted a critical threat which might not be obvious to most users.

    TP-Link routers which are essential for connecting devices like smartphones, laptops and tablets to the internet via Wi-Fi are at the centre of this concern. These routers serve as intermediaries between users and their internet service providers which allows seamless internet access without the need for physical cables. (Also Read: Poco F6 5G smartphone goes on sale in India on Flipkart; Check specs, price and discount offer)

    What are the Affected TP-Link Routers?

    CERT-In has identified a vulnerability in TP-Link Archer routers with versions prior to C5400X(EU)_V1_1.1.7 Build 20240510. Hence, Tp-Link routers using older firmware versions have this security flaw. (Also Read: What Is India’s EU-Like Anti-Trust Proposal That Irked Tech Giants Google, Amazon, Apple?)

    What is the root cause of the problem according to CERT-In?

    The issue stems from the improper neutralisation of a special element in a binary which is known as rf test. As outlined by CERT-In, this flaw exposes a network service to unauthenticated command injection.

    How to protect your device:

    To tackle this urgent matter, CERT-In recommends taking prompt action by patching TP-Link software without delay. Moreover, users are strongly encouraged to take proactive steps to bolster the security of their Wi-Fi networks and fend off potential threats:

    1. Make sure to keep your router’s firmware up to date by installing the latest security patches provided by the manufacturers.

    2. Avoid potential exploitation by changing the default login credentials. Replace commonly used usernames and passwords with unique and strong ones.

    3. Safeguard your data transmissions from interception by utilising WPA3 or WPA2 encryption protocols.

    4. Minimise risks by turning off remote management features which could potentially be exploited by unauthorised parties.

  • Google Releases New Security Update To Fix Zero-Day Vulnerability In Chrome; Here’s How To Update

    Earlier, the Indian Computer Emergency Response Team (CERT-In) also issued a warning against the vulnerability on Google Chrome for desktop.

  • ALERT! Govt Issues High-Risk Warning For Google Chrome And Apple iTunes: Here’s How To Stay Safe

    ‘Remote Code Extension’ is a security vulnerability in Apple products which happens from inadequate checks in the CoreMedia component.

  • Indian Cyber ​​Agency Finds Multiple Bugs In Cisco Products

    The ‘Command Injection Vulnerability’ exists in the reported software due to the contents of a backup file being improperly sanitized at restore time.

  • Security Alert For Android Users! Indian Govt Issued High-Risk Warning: Read More |

    New Delhi: In the age of digitalisation, many tough things become easy and can be done in a few clicks. But one thing that is growing parallel with the digital age is risks and vulnerabilities. Yes, this is the thing that may be encountered by you. Read on further to find out about the latest incident.

    In the latest and recent security alert issued by the Indian Computer Emergency Response Team (CERT-In), Android users across India have been cautioned about a significant security threat. (Also Read: ‘You Give More Money To Govt Than Spend On Yourself’: Social Media Post On Income Tax Concerns Goes Viral)

    As per the reports, the threat can impact a vast number of Android devices across the country. This latest high-severity issue could potentially enable hackers to steal important and sensitive data from affected smartphones. (Also Read: High-Security Alert For Apple Users! CERT-In Asked To Deploy Immediate Measures)

    How It Has Originated?

    According to CERT-In’s April 2024 bulletin, the vulnerabilities stem from various weaknesses in Android’s framework, system, and Google Play system updates, as well as components from major hardware suppliers like Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm, including their closed-source components.

    Which Android Versions Can Be Affected?

    The advisory specifies the Android versions susceptible to this security risk. Some of them include:

    Android 12 And 12L

    The report suggests that Android 12 and 12L are amongst the Android versions that may be affected.

    Android 13

    Android 13 is also on the list.

    Android 14

    Android 14 features on the list of Android versions susceptible to this security risk.

    Why The Concern Is Alarming?

    The different media reports claim that over 90 percent of active Android devices in India running on these versions. Now the ongoing situation raises considerable concern among users.

    The identified vulnerabilities could potentially allow attackers to access sensitive information, gain elevated privileges, and even cause denial of service conditions on targeted devices.

  • ALERT! Indian Government Warns Apple Users Of Major Security Risk

    Notably, the security issue affects various Apple devices, including Vision Pro, Apple TV HD and 4K models, Apple Watch Series 4, and later models.