The Indian Computer Emergency Response Team (CERT-In), which operates under the Ministry of Electronics and Information Technology, has issued a warning to users about potential vulnerabilities in Apple iTunes and Google Chrome for desktop. These vulnerabilities could allow attackers to execute arbitrary code on the targeted system. The affected software includes Apple iTunes versions prior to 12.13.2 for Windows. For Chrome for Desktop, the affected software includes -- versions prior to 124.0.6367.201/.202 (for Windows and Mac) and versions before 124.0.6367.201 (for Linux).
"A vulnerability has been reported in Apple iTunes which could be exploited by a remote attacker to execute arbitrary code on the targeted system," said the CERT-In advisory.
There is a security vulnerability in Apple products, called 'Remote Code Execution', caused by insufficient checks in the CoreMedia component. A malicious attacker could take advantage of this vulnerability by sending a specially crafted request. Similarly, Google Chrome has reported vulnerabilities in its Visuals and ANGLE components, as well as in WebAudio due to use-after-free errors and heap buffer overflow, respectively.
How to protect yourself
These vulnerabilities could be exploited by a remote attacker who executes a specially crafted HTML page, causing heap corruption. If successfully exploited, the remote attacker could gain access to the targeted system. In order to protect against these vulnerabilities, users are advised to apply the security updates as recommended by the respective companies.
Meanwhile, The Department of Telecommunications (DoT) has instructed telecom service providers (TSPs) to block 28,200 mobile handsets and verify again 20 lakh mobile connections to protect citizens from digital threats. The Ministry of Home Affairs (MHA) and state police, in collaboration with DoT, are taking measures to prevent the misuse of telecom resources in cybercrime and financial fraud.
An analysis by MHA and state police revealed that 28,200 mobile handsets were misused in various cybercrimes, and a staggering 20 lakh numbers were used with these mobile handsets. To tackle this issue, DoT has mandated Telecom Service Providers (TSPs) to block the 28,200 mobile handsets and re-verify 20 lakh mobile connections linked to those handsets. Any failure in re-verification will result in disconnection.
ALSO READ: 25 per cent of cyberattacks driven by 'espionage' in APAC region: Details
Inputs from IANS
