Govt warns Apple users of high-risk security flaws in iPhones, other products

According to the advisory, multiple vulnerabilities have been reported in Apple products that could allow an attacker to access sensitive information of users

Update: 2024-09-22 13:33 GMT
The advisory, which came soon after the iPhone 16 launch, concerns a wide range of Apple software versions, including iOS, iPadOS, macOS, watchOS and visionOS

Shortly after the launch of iPhone 16, the Centre has issued a warning of ‘high-risk security” flaws in the iPhone and other Apple products.

According to the advisory by Indian Computer Emergency Response Team (CERT-In), multiple vulnerabilities have been reported in Apple products that could allow an attacker to access sensitive information of users. 

The advisory concerns a wide range of Apple software versions, including iOS, iPadOS, macOS, watchOS and visionOS.

High-risk warning

On September 19, CERT-In issued a high-risk warning to Apple users about multiple vulnerabilities found in several Apple products.

The vulnerabilities are rated as “high” risk because it can allow attackers to:

Gain unauthorised access to sensitive information

Execute arbitrary code on the device

Bypass critical security restrictions

Cause denial-of-service (DoS) conditions

Elevate privileges to gain control over the system

Perform spoofing attacks

Engage in cross-site scripting (XSS) attacks

How they can be vulnerable?

For example, for iOS and iPadOS users, with iOS versions prior to 18 or 17.7, can face DoS attacks, information disclosure, and security restriction bypassing.

Users running older versions of macOS may experience data manipulation, DoS, privilege elevation, and cross-site scripting.

While tvOS and watchOS products face similar risks of DoS attacks, XSS vulnerabilities, and information disclosure.

Older versions of Safari and Xcode can be vulnerable to spoofing and security restriction bypassing.

visionOS users may be at risk of data manipulation, DoS and information disclosure.

Which Apple products are vulnerable?

OS: Versions prior to 18 and 17.7

iPadOS: Versions prior to 18 and 17.7

macOS Sonoma: Versions prior to 14.7

macOS Ventura: Versions prior to 13.7

macOS Sequoia: Versions prior to 15

tvOS: Versions prior to 18

watchOS: Versions prior to 11

Safari: Versions prior to 18

Xcode: Versions prior to 16

visionOS: Versions prior to 2

What CERT-In recommends

What can be done? The advisory recommends that users must update their Apple devices to the latest versions of software to avoid the risks.

Users are also advised to monitor their devices for any unusual activity and ensure proper cybersecurity measures are in place.

In August this year, CERT-In has issued a “severe” warning to Apple users, highlighting several vulnerabilities in products such as iPhones, iPads, Macs, and more.

Earlier this month, CERT-In had also warned about the vulnerabilities in Google Chrome browser. The agency stated that these vulnerabilities only affected users prior to 128.0.6613.119/.120 for Windows and macOS and in versions prior to 128.0.6613.119 for Linux.

Tags:    

Similar News