Alert Issued by Indian Government to Apple Users Regarding Potential Security Risks
The Indian Computer Emergency Response Team (CERT-IN) has issued a “high” severity alert for users of several Apple products, including Macs, iPhones, iPads and even the Apple Watch. They advise users to update their browsers as soon as possible to prevent hackers from executing arbitrary code and bypassing security measures.
Who it concerns:
According to CERT-In, users of the following software versions are affected:
- Apple macOS Monterey versions 12.7
- Apple macOS Ventura versions 13.6
- Apple watchOS versions 9.6.3
- Apple watchOS versions 10.0.1
- Apple iOS versions older than 16.7 and iPadOS versions older than 16.7
- Apple iOS versions older than 17.0.1 and iPadOS versions older than 17.0.1
- Apple Safari versions 16.6.1
How do these vulnerabilities affect users?
As pointed out by CERT-In, Apple products have these vulnerabilities due to a certificate validation issue in the Security component, which was also reported to be a problem in the kernel and a bug in the WebKit component.
By exploiting these vulnerabilities, an attacker could potentially send specially crafted requests that lead to arbitrary code execution, privilege escalation, or bypassing security restrictions on the targeted system.
Simply put, hackers can use these vulnerabilities to breach the device’s security and steal data or carry out other malicious intentions.
What can you do?
To stay safe from all the aforementioned risks, users should update their Apple devices to the latest available updates as soon as possible. If your device is limited to the software version listed here, you should consider upgrading to a newer device for security reasons.