The Indian Computer Emergency Response Team (CERT-In) has issued a high severity warning for users of Apple products in India. The agency has identified multiple vulnerabilities that could potentially allow hackers to access sensitive information on a user’s device.
The warning from CERT-In highlights a “remote code execution vulnerability” in Apple products, which could leave devices vulnerable to exploitation by hackers. This vulnerability has been rated as ‘high’ severity by the government body.
According to CERT-In, the vulnerability affects users of iPhone and iPad devices running iOS and iPadOS versions prior to 17.4.1. This includes devices such as all iPhones after iPhone XS, iPad Pro 12.9-inch 2nd generation and later, all versions after iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air gen 3 and later, iPad gen 6 and later, and iPad mini version after gen 5.
Additionally, iOS and iPad versions before the 16.7.7 update are also affected, which includes iPhone 8, iPhone 8 Plus, iPhone X, iPad gen 5, iPad Pro 9.7-inch, and iPad Pro 12.9-inch gen 1.
The vulnerability extends to Apple Safari versions prior to 17.4.1, available for macOS Monterey and macOS Ventura. It also affects MacBook users on macOS Venture versions prior to 13.6.6, and macOS Sonoma versions prior to 14.4.1.
Furthermore, there is a warning for Vision Pro headset users due to a vulnerability in VisionOS versions before 1.1.1.
The vulnerability, as detailed by CERT-In, is attributed to an “out-of-bounds write issue in WebRTC and CoreMedia.” This means that hackers could potentially exploit this flaw by tricking users into visiting a specific link, allowing them to execute arbitrary code on the targeted system.
To protect Apple devices from such vulnerabilities, users are advised to take several precautions. Keeping devices updated with the latest software versions is crucial to benefit from security fixes. Users should also apply any security patches provided by Apple, especially those addressing vulnerabilities highlighted by CERT-In. When connecting to networks, it is recommended to prioritize secure connections and avoid unsecured or public Wi-Fi networks to minimize the risk of unauthorized access.
Enabling Two-Factor Authentication (2FA) is another important step for added security, as it can mitigate the impact of credential compromises. Additionally, users should exercise caution when downloading apps or software, sticking to trusted sources like the Apple App Store to avoid potential threats.
Regularly backing up important data is also advised to protect against data loss due to security breaches or system failures. Staying informed about security alerts and advisories from reputable sources such as CERT-In or Apple can help users take proactive measures against emerging threats and ensure the ongoing security of their devices.
