Saturday November 23, 2024

Advisory ID: ngCERT-2023-0039

Summary: Users of the Google Chrome browser and Apple systems have lately been reported as vulnerable to malicious hackers who may exploit flaws discovered on the platforms. Vulnerabilities discovered recently in Google Chrome and Apple systems, particularly in the operating systems (OS) of the iPhone, iPad, Mac computers, Apple Watch, Apple TV, and Safari internet browser, may allow hackers to acquire control of the devices. As a result, individuals and organizations must take proactive actions to defend themselves from potential threats.

Threat Type(s): Malware

Damage/Probability: HIGH/HIGH

Description: Vulnerabilities in an IT system are flaws, features, or user error that can be exploited by an attacker to compromise IT infrastructure. Cybercriminals use a variety of hacking techniques to exploit flaws in web browsers and devices. Hackers find a flaw or weakness that allows them to download and execute malicious malware (typically after a user visits or clicks on a compromised URL or file). Following that, the code can automatically download and run other malicious code or steal vital corporate information. Phishing is another prevalent tactic used by hackers. In this case, attackers send phishing emails with exploit kits targeting at web browsers. Victim clicks on a link or attachment in the email, which opens a malicious page in their web browser, which can subsequently exploit an unpatched vulnerability to deploy malware packages or steal browser data.

Consequences: The exploitation of vulnerabilities in the aforementioned systems could result in:

i. Denial of services.

ii. Data exfiltration

iii. Identity theft.

iv. Financial losses

Solution: Service providers have issued security patches to reduce the dangers. Regardless, all users are encouraged to immediately:

  • Update their devices, software, and systems to the latest versions.
  • Clear browser history to erase stored credentials or passwords.
  • Clear cookies, as they can allow hackers to access email services without a user’s
  • Avoid clicking on malicious links that could compromise their browsers.

References:

https://www.thenationalnews.com/business/technology/2023/10/29/uae-issues-security-alert-for-google-chrome-and-apple-system -users/

https://fastcompanyme.com/news/uae-issues-security-warning-fo r-google-chrome-and-apple-users