New Delhi: The Indian Computer Emergency Response Team (CERT-IN) has issued a vulnerability warning for some versions of Microsoft’s Windows as well as iOS and iPadOS. The agency has said that the severity of the vulnerability is ‘high’. It said that the vulnerability could allow an attacker to gain elevated privileges on the targeted system.
CERT-IN said that the vulnerability exists in Windows due to overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database.
It warned that due to the vulnerability, an attacker could gain a shadow copy of the system drive, exploit security weaknesses, extract account password hashes as well as discover the original Windows installation password.
The affected Windows software are as follows:
- Windows 10 Version 1809 for 32-bit Systems, ARM64-based systems and x64-based systems
- Windows 10 Version 1909 for 32-bit Systems, ARM64-based systems and x64-based systems
- Windows 10 Version 2004 for 32-bit Systems, ARM64-based systems and x64-based systems
- Windows 10 Version 20H2 for 32-bit Systems, ARM64-based systems and x64-based systems
- Windows 10 Version 21H1 for 32-bit Systems, ARM64-based systems and x64-based systems
- Windows Server 2019
- Windows Server 2019 (server core installation)
- Windows Server, version 2004 (server core installation)
The cyber agency had also issued a high severity alert for Apple iPhone and iPad users. It asked them to immediately update their devices to iOS 14.7.1 and iPadOS 14.7.1. The agency under the Ministry of Electronics and Information Technology said that active vulnerabilities in both iPad and iPhones are “currently being exploited”. Not updating their system will allow an attacker to gain elevated privileges to the targeted system.
The affected Apple software are as follows:
- Apple macOS Big Sur versions prior to 11.5.1
- Apple iOS and iPadOS versions prior to 14.7.1
- iPhone 6s and later,
- iPad Pro (all models)
- iPad Air 2 and later
- iPad 5th generation and later
- iPad mini 4 and later
- iPod touch (7th generation)
- macOS Big Sur
This vulnerability exists in IOMobileFrameBuffer of Apple iOS and iPadOS due to memory corruption issues with inadequate memory handling.
(Inputs from BT)