CERT-In issues high-risk vulnerability warning to iPhone, iPad users
What's the story
The Computer Emergency Response Team (CERT-In) of the Indian government has issued a high-severity vulnerability warning to users of Apple products. This alert pertains to vulnerabilities found in various Apple software, that can be exploited by cybercriminals. The affected devices include the iPhone, iPad, MacBook, and Apple Watch. Apple TV and Vision Pro are also included.
Security risks
Vulnerabilities could lead to data breaches, DoS attacks
The identified vulnerabilities in Apple's software could potentially enable an attacker to access sensitive information or execute arbitrary code. They may also allow security restrictions to be bypassed, cause denial of service (DoS) attacks, and facilitate spoofing attacks on the targeted system. The software versions impacted by these vulnerabilities include iOS versions prior to 17.6, iPadOS (prior to 17.6 and 16.7.9), macOS Sonoma prior to 14.6, and macOS Ventura (versions prior to 13.6.80), among others.
Mitigation measures
CERT-In urges immediate security updates
CERT-In has confirmed that Apple has addressed these vulnerabilities in its latest security updates. The agency is urging users to promptly apply the appropriate security update to protect their devices. This warning comes at a time when Apple iPhone sales are projected to go up to 9.5 million units this year, according to estimates by the IDC.
Past alerts
Previous warnings and user guidelines
In May, CERT-In issued a similar warning for the Safari browser, Vision Pro, MacBooks and Apple Watch users. The alert highlighted a vulnerability, that could be exploited due to improper validation in Bluetooth, MediaRemote, Photos, Safari and Webkit components. The agency has urged all users to regularly monitor all relevant communication from Apple, while exercising caution when accessing potentially malicious websites or files.