Key Highlights
- Samsung Mobile Android versions 11, 12, 13, and 14 are affected.
- Multiple vulnerabilities have been spotted in Apple products like iPhone, iPad, Mac, Apple TV, Apple Watch and Safari Web browser.
The Government of India has issued security warnings for millions of Samsung Galaxy phones and Apple iPhones, pointing out several vulnerabilities that affect both older and newer models. The weaknesses could let cyber attackers change the clock, send commands, view private AR Emoji files, snoop around files, steal confidential data, take control of the phone, or even take over the system.
The security advisory has been issued by the Indian Computer Emergency Response Team (CERT-In) requesting users to update their operating system or firmware due to multiple vulnerabilities allowing attackers to bypass security restrictions.
Vulnerabilities in Samsung products
According to an advisory note, multiple vulnerabilities have been reported in Samsung products that will enable a cybercriminal to bypass implemented security restrictions, access sensitive information and execute arbitrary code on the targeted system. Samsung Mobile Android versions 11, 12, 13, and 14 are affected.
CERT says that the vulnerabilities exist due to improper access control flaws in the KnoxCustomManager Service and SmartManagerCN component; integer overflow vulnerabilities in the face pre-processing library; improper authorisation verification vulnerabilities in AR Emoji; improper exception management vulnerabilities in Knox Guard; various out-of-bounds write vulnerabilities in the bootloader, HDCP in HAL, libIfaaca and libsavsac.so components; an improper size check vulnerability in softsimd; an improper input validation vulnerability in Smart-Clip; and an implicit intent hijacking vulnerability in contacts.
It has been observed that if these vulnerabilities are successfully exploited, an attacker may be able to trigger heap overflow and stack-based buffer overflow, access device SIM PIN, send broadcast with elevated privilege, read sandbox data of AR Emoji, bypass Knox Guard lock via changing system time, access arbitrary files, gain access to sensitive information, and run arbitrary code and compromise the targeted system.
Vulnerabilities in Apple products
According to another alert, multiple vulnerabilities have been spotted in Apple products like iPhone, iPad, Mac, Apple TV, Apple Watch and Safari Web browser.
CERT-In said, “Multiple vulnerabilities have been reported in Apple products which could allow an attacker to access sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service (DoS) conditions, bypass authentication, gain elevated privileges, and perform spoofing attacks on the targeted systems.”
According to CERT, the software that is worst affected is: iOS and iPadOS versions before 17.2 and 16.7.3, macOS Sonoma versions before 14.2, macOS Ventura versions before 13.6.3, macOS Monterey versions before 12.7.2, tvOS versions before 17.2, watchOS versions before 10.2, and Safari versions before 17.2.