New Delhi, April 3 (IANS) – The Indian Computer Emergency Response Team (CERT-In) has issued a warning to users regarding multiple vulnerabilities in Android and Mozilla Firefox web browsers. These vulnerabilities could potentially allow attackers to access sensitive information, execute arbitrary code, and cause Denial-of-Service conditions on targeted systems.
According to the advisory, the affected software versions include ‘Android 12, 12L, 13, 14’, and ‘Mozilla Firefox versions prior to 124.0.1 and Mozilla Firefox ESR versions before 115.9.1’.
The CERT-In advisory stated, “Successful exploitation of these vulnerabilities could allow the attacker to obtain sensitive information, gain elevated privileges and cause a denial-of-service condition on the targeted system.”
The vulnerabilities in Android are attributed to flaws in the Framework, System, MediaTek components, Widevine, Qualcomm components, and Qualcomm closed-source components. In Mozilla Firefox, vulnerabilities exist due to out-of-bounds access via Range Analysis bypass and Privileged JavaScript Execution via Event Handlers.
Users are advised by the cyber agency to apply appropriate updates as soon as they become available to mitigate the risks associated with these vulnerabilities.
In addition to Android and Mozilla Firefox, CERT-In has also alerted users about vulnerabilities in Apple products like iPhones, MacBooks, and iPads. The agency warned that a remote attacker could exploit this vulnerability by luring a victim to visit a specifically-crafted request.
The vulnerability in Apple Products is due to out-of-bounds write issues in WebRTC and CoreMedia, as explained by CERT-In.
Security experts emphasize the importance of staying vigilant and promptly updating software to safeguard against potential cyber threats and attacks.
