Government issues high risk warning for iPhone, iPad users: devices impacted, how to fix the flaw

The iPhone and iPad security issues were routinely amplified by CERT-In, a nodal agency under the Government of India.

  • iPhone and iPad devices were reportedly vulnerable to a critical flaw
  • CERT-In also issued an advisory for users to patch the flaws
  • Apple’s iOS 16.1 and iPadOS 16.1 have patched the issues

Apple has issued a patch that has seemingly fixed a number of critical security flaws on the company’s iPhone and iPad devices. The Indian Computer Emergency Response Team (CERT-In), a nodal agency under the union government’s Ministry of Electronics and Information Technology, had also issued a public advisory urging users to apply the patches and update their devices to keep their information safe. The flaws were of seemingly critical severity in nature, and could have potentially allowed cyber attackers to exploit and use as a remote backdoor on the devices.

Show Full Article

Users of iPhone 8 or later, iPad (5th gen), iPad Air (3rd gen) and iPad mini (5th gen) or later are all required to update their devices right away, which both Apple and CERT-In have explained in their vulnerability notes.

What the iPhone and iPad vulnerabilities signified

According to Apple’s patch notes for its latest iOS 16.1 and iPadOS 16.1 updates, as well as the CERT-In advisories, the issues were flagged under CVE-2022-42827. The latter is a log of the cyber exploit under the global Common Vulnerabilities and Exposures (CVE) naming scheme, which keeps a log of all cyber issues that are discovered by security researchers regularly. According to reports, the latest CVE that affected Apple devices represented an issue with the iOS kernel.

To be sure, the kernel is the core infrastructure of an operating system that has the highest system privilege to access all parts of the software that runs on devices — such as the Apple iPhone and iPad here. This CVE, as a result, could tap the iOS kernel to gain high level privilege to the device system.

As a result, any attacker could gain access to sensitive personal information stored on a user’s iPhone or iPad. To make matters worse, the CVE is believed to have been actively exploited by attackers — thus making it crucial for users to apply the patches right away.