Updated on March 20, 2024, at 09:38 AM IST
- CERT-In has issued a high-severity warning for Apple iOS and iPadOS devices.
- Vulnerabilities impact iOS and iPadOS versions earlier than 16.7.6 and v17.4, respectively.
- Exploitation could result in system failures, unauthorized code execution, and access to sensitive information.
The Indian Computer Emergency Response Team (CERT-In) has raised alarm bells for Apple iPhone and iPad users by issuing a high severity warning regarding potential vulnerabilities in the devices’ operating systems. Released on March 15, the warning, listed on the official CERT-In website, highlights multiple flaws in Apple’s iOS and iPadOS, posing serious risks such as system malfunctions, unauthorized code execution, and exposure of sensitive data to malicious actors.
The security loophole, as identified by CERT-In, could enable attackers to trigger a denial of service condition, execute arbitrary code, disclose sensitive information, and circumvent existing security protocols on affected systems. This grave concern underscores the urgent need for users to take proactive measures to safeguard their devices and personal information.
The identified vulnerability affects iOS versions preceding 16.7.6 and iPadOS versions prior to v17.4. Devices susceptible to these flaws include iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation, among others. CERT-In’s warning also extends to newer models such as iPhone XS and above, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and beyond, and various other iPad iterations.
The root causes of these vulnerabilities, according to CERT-In, vary from improper validation in Bluetooth, libxpc, MediaRemote, Photos, Safari, and WebKit components to privacy concerns in ExtensionKit, Messages, Share Sheet, Synapse, and Notes functionalities. Moreover, issues related to ImagelO memory utilization, kernel and RTKit memory errors, as well as logic and timing flaws in Safari Private Browsing, Sandbox, Siri, and CoreCrypto, further exacerbate the security risks.
Exploitation of these vulnerabilities could have dire consequences, including system instability, unauthorized code execution, unauthorized access to private data, and bypassing of security measures. In response, users are urged to take immediate action to mitigate these risks and fortify the security posture of their Apple devices.
To protect against potential exploitation, users are advised to:
- Update software: Ensure that devices are running the latest iOS and iPadOS versions provided by Apple.
- Install security patches: Apply any available security patches specifically addressing the vulnerabilities highlighted by CERT-In.
- Use secure connections: Avoid connecting to unsecured Wi-Fi networks to minimize the risk of unauthorized access.
- Enable Two-Factor Authentication (2FA): Implement an additional layer of security to prevent unauthorized access to accounts.
- Exercise caution with downloads: Only download apps and software from trusted sources to mitigate the risk of malware or malicious code.
- Regularly back up data: Maintain up-to-date backups of important data to mitigate potential data loss in the event of a security breach.
- Stay informed: Stay abreast of security alerts and advisories from official sources to stay informed about potential threats and vulnerabilities.
By adhering to these precautions, users can significantly reduce their susceptibility to exploitation and enhance the overall security posture of their Apple devices.
Also Read: YOUTUBE MUSIC TO INTRODUCE HUM-TO-SEARCH FEATURE FOR SONG DISCOVERY
