Apple iPhone and iPad users are at “high danger,” according to a recent advisory from the Indian government’s cybersecurity team. According to the most recent notice from the Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology, multiple vulnerabilities in Apple iOS and iPadOS have been discovered.
These flaws could allow a remote attacker to obtain access to sensitive information, execute arbitrary code, spoof the interface address, or cause a denial of service issue on the afflicted device. According to CERT-In, multiple vulnerabilities detected in the Mac operating system were categorized as ‘critical,’ the maximum serious grade in cyber security parlance.
Because of the presence of these vulnerabilities, a hacker might execute any instructions or code of their choice on a target device after gaining control of the device via the vulnerability.
Users are not completely safe, even though Apple has issued fixes for the vulnerabilities, which may be installed by downloading the latest software updates. Worryingly, according to Apple, these vulnerabilities may have already been exploited by hackers.
According to a federal government warning notice, the issues were detected in previous versions of Apple iOS 16.1 and Apple iOS 16.0. CVE-2022-42827 is one of the flaws with this device. These flaws have been detected in Apple’s iPhone 8 and subsequent devices, as well as iPad Pro models, iPad Air 3rd generation and later, and iPad mini 5th generation. Apple iOS and iPadiOS include flaws, according to a CERT-IN advisory.
“Apple is aware of a report that this flaw may have been actively exploited,” Apple said in a statement on its official website regarding the vulnerabilities. Apple devices with iOS and iPadOS versions previous to 15.5 have been classified as extremely dangerous. macOS Catalina prior to security update 2022-004, macOS Big Sur prior to 11.6.6, and macOS Monterey prior to 12.4 have all been classed as critically serious.
In terms of the Apple Watch, any device running watchOS versions prior to 8.6 is exceedingly risky. Users who are running older versions of these operating systems should update their devices as soon as possible. If upgrading the device is not a possibility, all sensitive and critical data should be wiped.
According to CERT-alert, In’s several vulnerabilities exist in Apple iOS and iPadOS owing to :
- Inadequate security controls in the AppleMobileFileIntegrity component
- Incorrect bounds check in the Avevideoencoder component
- Incorrect validation in the CrNetwork component
- Incorrect entitlement in the Core Bluetooth component
- Incorrect memory handling in the GPU Drivers component
- IOHIDFamily component memory corruption
- IOKit component use after free and race situation issues
- Incorrect memory handling and an out-of-bounds write problem in the Kernel component
- Incorrect memory handling and a race situation problem in the PPP component
- Using after the free issue
- Improper security constraints and path validation in the Sandbox component
- Improper UI handling, type confusion, and logic problems with the Webkit component
- WebKit PDF component has a use-after-free bug.
- Incorrect input validation in the Mail component.
To avoid fraud, Apple iPhone and iPad consumers should immediately install the most recent available update on their devices, according to the CERT-In notice. In the wild, the flaw is being used. It is strongly advised that users install the software upgrades included in Apple Security updates.
Meanwhile, Apple has just released a security update that resolves a number of severe zero-day vulnerabilities affecting iOS and iPadOS devices. A zero-day exploit is a security issue that developers were unaware of and thus did not fix.
Also Read : Microsoft net profit slips by 14% in Q1, fears of slowing economy weighs
170 total views, 1 views today