Apple iPhone, MacBook users beware! Government warns of new vulnerability
The government has issued a "high severity" advisory for those using Apple products such as iPhones, MacBooks, Watches, and Apple TV. Apple users have been asked to update their devices to the latest software version by the Indian Computer Emergency Response Team (CERT-In), the Ministry of Electronics and Information Technology. The government watchdog has notably flagged multiple security issues in Apple products.
Why does it matter?
- Apple is considered to be the safest product in terms of data privacy.
- However, the government-found vulnerabilities in products may easily expose users' sensitive information to an attacker.
- Apple, too, has warned of some vulnerabilities to its users.
- Notably, it has fixed many of these vulnerabilities through its latest update.
- Thus, users are advised to update their devices for safety.
What are the vulnerabilities in Apple products?
The vulnerabilities in Apple products are due to improper memory handling, state management, input validation, checks, handling of file metadata, state handling, bounds checking, locking, sandbox restrictions, access restrictions, permissions logic, execution of JavaScript in a scripting dictionary, and misconfiguration in Bluetooth, according to CERT-In.
What does the advisory say?
If the user does not update their device to the latest version, their device may get tracked or become vulnerable to malware attacks, the advisory said. "An attacker could exploit these vulnerabilities by convincing the user to run a maliciously crafted application," it said. "Successful exploitation of these vulnerabilities could allow an attacker to bypass security restrictions" and can even disclose sensitive information.
Apple fixes several vulnerabilities in latest update
Meanwhile, Apple has recently warned that parsing a maliciously crafted audio or image file may lead to the disclosure of user information if users do not install the latest update. In the case of MacBooks, the device may be "passively tracked via BSSIDs." The tech giant has fixed a lot of Common Vulnerabilities and Exposures (CVE) with these updates.
CERT-In issues warning for Google Chrome too
Earlier on Wednesday, CERT-In had issued a similar "urgent warning" for Google Chrome users. The warning was issued after multiple vulnerabilities in Chrome had been discovered as a result of Type Confusion in V8. The advisory said an attacker could exploit these vulnerabilities, and "the successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on the targeted system."
