Indian govt issues warning for Apple MacBook, iPhone, iPad users: check if your device is vulnerable

Indian government warns MacBook, iPhone, and iPad users about multiple vulnerabilities in OS.

Highlights
  • CERT-IN warns MacBook, iPhone, and iPad users about multiple vulnerabilities in OS. 
  • Apple macOS before Catalina 2022-005, Big Sur 11.6.8, and Monterey 12.5 are vulnerable to this threat. 
  • Updating to the latest version of OS available will fix these issues. 

In a post, CERT-IN – Indian Computer Emergency Response Team – warns Apple product users – MacBook, iPhone, and iPad – about multiple vulnerabilities that attackers can use to bypass security restrictions. According to the post, the affected software is Apple macOS before Catalina 2022-005, Big Sur 11.6.8, and Monterey 12.5. Apple’s iPhone and iPad running OS versions before 15.6 are also prone to the same threat.

Show Full Article

A remote attacker may leverage these flaws to run arbitrary codes, bypass security protocols, and disrupt the operation of targeted systems. According to reports, attackers could use these flaws by luring a victim to access maliciously created web content to skirt security checks and execute arbitrary code.

CERT-In suggests to cope with these vulnerabilities, update your Apple devices to the latest available security patches for Apple software. Therefore, updating the newest OS version available for these devices – macOS 12.5, iOS 15.6, and iPadOS 15.6 – will fix these issues.

Apple MacOS, iOS, iPadOS security threats

According to the post, the vulnerabilities in macOS are out-of-bounds read in AppleScript, SMB and Kernel, and out-of-bounds write in Audio, ICU, PS Normalizer, GU Drivers, SMB, and WebKit. Further, the post discloses data breaches in the Calendar and iCloud Photo Library and authorisation concerns in Apple Mobile File Integrity. Other known vulnerabilities listed in the post are memory corruption in the Intel Graphics Driver, GPU Drivers, SMB, PluginKit, Windows Server, Automation, and the File System Events.

Moving to iOS and iPadOS, high-risk vulnerabilities in iPhones and iPads can be caused by out-of-bounds writing in WebKit, ICU, Audio, GPU Drivers, and a buffer overflow in AppleAVD. Further, Authorisation issues in the Apple Mobile File Integrity and logic issues in File System Events, Home, ImageIO, Kernel and PluginKit.