Govt warns Apple users of high-risk security flaws in iPhones, other products
According to the advisory, multiple vulnerabilities have been reported in Apple products that could allow an attacker to access sensitive information of users.
Shortly after the launch of iPhone 16, the Centre has issued a warning of “high-risk security” flaws in the iPhone and other Apple products.
According to the advisory by the Indian Computer Emergency Response Team (CERT-In), multiple vulnerabilities have been reported in Apple products that could allow an attacker to access sensitive information of users.
The advisory concerns a wide range of Apple software versions, including iOS, iPadOS, macOS, watchOS and visionOS.
High-risk warning
On September 19, CERT-In issued a high-risk warning to Apple users about multiple vulnerabilities found in several Apple products.
The vulnerabilities are rated as “high” risk because they can allow attackers to:
Gain unauthorised access to sensitive information
Execute arbitrary code on the device
Bypass critical security restrictions
Cause denial-of-service (DoS) conditions
Elevate privileges to gain control over the system
Perform spoofing attacks
Engage in cross-site scripting (XSS) attacks
How can they be vulnerable?
For example, iOS and iPadOS users running versions prior to 18 or 17.7 can face DoS attacks, information disclosure, and security restriction bypassing.
Users running older versions of macOS may experience data manipulation, DoS, privilege elevation, and cross-site scripting.
tvOS and watchOS products face similar risks of DoS attacks, XSS vulnerabilities, and information disclosure.
Older versions of Safari and Xcode can be vulnerable to spoofing and security restriction bypassing.
visionOS users may be at risk of data manipulation, DoS and information disclosure.
Which Apple products are vulnerable?
iOS: Versions prior to 18 and 17.7
iPadOS: Versions prior to 18 and 17.7
macOS Sonoma: Versions prior to 14.7
macOS Ventura: Versions prior to 13.7
macOS Sequoia: Versions prior to 15
tvOS: Versions prior to 18
watchOS: Versions prior to 11
Safari: Versions prior to 18
Xcode: Versions prior to 16
visionOS: Versions prior to 2
What CERT-In recommends
What can be done? The advisory recommends that users update their Apple devices to the latest versions of software to avoid the risks.
Users are also advised to monitor their devices for any unusual activity and ensure proper cybersecurity measures are in place.
In August this year, CERT-In issued a “severe” warning to Apple users, highlighting several vulnerabilities in products such as iPhones, iPads, Macs, and more.
Earlier this month, CERT-In had also warned about vulnerabilities in the Google Chrome browser. The agency stated that these vulnerabilities affected only users on versions prior to 128.0.6613.119/.120 for Windows and macOS and on versions prior to 128.0.6613.119 for Linux.