CERT-In Issues High-Severity Alert for macOS and Chrome Users
India’s Computer Emergency Response Team (CERT-In) has issued a critical security warning for millions of users of Apple macOS and Google Chrome. The agency warns of multiple high-risk vulnerabilities that could let attackers take complete control of affected systems.
Key Takeaways
- High-Severity Alert: CERT-In warns of critical flaws in macOS and Chrome.
- Risk: Attackers can execute arbitrary code, steal data, or crash systems.
- Affected Versions: Outdated macOS (Sonoma, Ventura, Monterey) and Chrome versions.
- Immediate Action: Users must update their software immediately.
Details of the macOS Vulnerabilities
The vulnerability note, CIVN-2024-0170, details risks for specific macOS versions:
- macOS Sonoma versions before 14.4
- macOS Ventura versions before 13.6.5
- macOS Monterey versions before 12.7.4
The flaws exist in core components like App Intents, AppleAVD, Audio, Bluetooth, and CloudKit. A remote attacker could send specially crafted requests to exploit these weaknesses, potentially bypassing security, executing malicious code, disclosing sensitive information, or causing a denial-of-service condition.
Google Chrome Security Flaw
For Google Chrome, the warning highlights “use after free” vulnerabilities in the FedCM (Federated Credential Management) component. The affected versions are prior to 123.0.6312.58/.59 for Windows and Mac, and prior to 123.0.6312.58 for Linux.
“A remote attacker could exploit these vulnerabilities by sending a specially crafted request to the targeted system,” CERT-In stated.
Successful exploitation could allow an attacker to run arbitrary code on a victim’s machine.
How to Protect Your System
CERT-In’s primary advice is to apply security updates immediately:
- macOS Users: Update to macOS Sonoma 14.4, Ventura 13.6.5, Monterey 12.7.4, or later.
- Chrome Users: Update to version 123.0.6312.58/.59 (Windows/Mac) or 123.0.6312.58 (Linux) or later.
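For administrators checking more than one machine, the version thresholds above can be applied to an inventory export. The following is an added example, not code from CERT-In or from this article; the function names and sample hosts are hypothetical, and it assumes that macOS release lines newer than Sonoma count as "or later" while lines older than Monterey are reported as not listed, since the article names no fixed version for them.

```python
# Added example; thresholds are the fixed versions quoted in the article above.
MACOS_FIXED = {14: (14, 4), 13: (13, 6, 5), 12: (12, 7, 4)}  # Sonoma, Ventura, Monterey
CHROME_FIXED = (123, 0, 6312, 58)  # lowest fixed build named for Windows, Mac and Linux

def parse_version(text):
    """Turn '13.6.5' into (13, 6, 5); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def is_older(installed, fixed):
    """Compare after zero-padding so '14.4' and '14.4.0' are treated as equal."""
    width = max(len(installed), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(installed) < pad(fixed)

def macos_status(version_text):
    installed = parse_version(version_text)
    major = installed[0]
    if major in MACOS_FIXED:
        return "vulnerable" if is_older(installed, MACOS_FIXED[major]) else "patched"
    if major > max(MACOS_FIXED):
        return "patched"  # assumption: a newer release line counts as "or later"
    return "not-listed"  # older line: the article names no fixed version for it

def chrome_status(version_text):
    return "vulnerable" if is_older(parse_version(version_text), CHROME_FIXED) else "patched"

def audit(inventory):
    """inventory: iterable of (host, macos_version or None, chrome_version or None)."""
    findings = []
    for host, macos, chrome in inventory:
        if macos and macos_status(macos) != "patched":
            findings.append((host, "macOS", macos, macos_status(macos)))
        if chrome and chrome_status(chrome) == "vulnerable":
            findings.append((host, "Chrome", chrome, "vulnerable"))
    return findings

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [
    ("mac-01", "14.3.1", "123.0.6312.58"),
    ("mac-02", "13.6.5", "122.0.6261.129"),
    ("mac-03", "12.7.4", "123.0.6312.59"),
    ("lin-01", None, "123.0.6312.58"),
    ("mac-04", "11.7.10", None),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```

On a real fleet the version strings would come from an MDM or asset-inventory export; hosts reported as "not-listed" need a manual check against the vendor's current support status.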
For broader online safety, the agency recommends:
- Exercise extreme caution with links in emails or messages from unknown sources.
- Avoid visiting untrusted websites.
- Download software only from official app stores or trusted sources.
- Enable automatic updates for your OS and applications.



