Here’s the report in detail:
CERT-In vulnerability warning for Apple users
CERT-In, for the uninitiated, is a response team under the Ministry of Electronics and Information Technology of the Government of India. In a recent vulnerability note, CIVN-2023-0275, CERT-In has flagged three issues with Apple devices that are a cause for concern:
- A certificate validation issue in the security component
- An issue in the kernel
- An error in the WebKit component
Malicious actors could misuse these vulnerabilities through phishing attacks wherein they send socially engineered messages. Interacting with these messages gives the attacker control over your device.
Once you interact with their specially crafted message, the hacker takes control of your device by doing the following:
- Execute arbitrary code
- Escalate privileges
- Bypass security restrictions
Now, CERT-In notes that iPhone users running an iOS version earlier than iOS 16.7 are primarily at risk.
So, here’s what you ought to do:
Update Apple devices including iPhone
iPhone users
Step 1: Go to iOS Settings on your iPhone
Step 2: Tap on General
Step 3: Tap on Software Update
Step 4: If your iPhone shows any pending updates, download and update the device to the latest iOS version.
That’s all.
Similarly, you can update other Apple devices. For example, you can update your MacBook by going to the Apple menu > System Settings > General > Software Update.