Warning! Your iPhone, iPad are at risk of data theft
What's the story
In a major security alert, the Indian Computer Emergency Response Team (CERT-In) has warned iPhone and iPad users. CERT-In has flagged several vulnerabilities in Apple's software, including iOS and iPadOS, that could either expose sensitive data or make the devices unusable. In particular, iPhones running iOS versions older than 18.3 and iPads with iPadOS versions older than 17.7.3 are vulnerable.
List
Vulnerabilities affect a wide range of devices
The vulnerabilities flagged by CERT-In impact a wide range of Apple devices, both old and new. This includes models like the iPhone XS and newer ones, as well as different generations of the iPad Pro, Air, mini, and standard models.
Problem
Critical flaw in Darwin notification system
A critical flaw has been flagged in the Darwin notification system, a key component of Apple's internal messaging framework. The vulnerability in question allows any app to send sensitive system-level notifications without requiring special permissions. If exploited, the flaw could crash the device and render it unresponsive until you manually restore it.
Risks
Potential impacts of vulnerabilities
The potential impacts of these vulnerabilities are pretty severe. Hackers could steal secret data, including personal and financial information, bypass the built-in security mechanisms, and execute unauthorized code. In some cases, they could crash the device entirely, leaving it inoperable. CERT-In has confirmed that some of these vulnerabilities are being actively exploited in real-world scenarios.
Response
Apple has rolled out security updates
In light of these vulnerabilities, Apple has rolled out security updates. Users are strongly urged to update their devices to the latest available version of iOS or iPadOS without delay. Also, users should stop installing unverified applications and remain vigilant for any unusual device behavior, which could indicate malicious activity.