- CERT-In has spotted multiple vulnerabilities in Apple products.
- They have asked iPhone and other Apple product users to update their devices.
- Let’s learn about these iPhone vulnerabilities and how to fix them.
The Indian government has warned Apple users including iPhone owners about multiple vulnerabilities that could open a backdoor for bad actors to execute malicious attacks. The attackers could escalate privileges and bypass security restrictions. So, to avoid this, the govt’s CERT-In department has asked iPhone and other Apple users to update their devices to the latest version.
Here’s the report in detail:
CERT-In vulnerability warning for Apple users
CERT-In, for the uninitiated, is a response team under the Ministry of Electronics and Information Technology of the Government of India. In a recent vulnerability note CIVN-2023-0275, CERT-In has marked three issues with Apple devices which is the cause of concern:
- A certificate validation issue in the security component
- An issue in the kernel
- An error in the WebKit component.
Malicious actors could misuse these vulnerabilities through phishing attacks wherein they send socially engineered messages. Interacting with these messages gives the attacker control over your device.
The hacker takes control of your device by doing the following once you interact with their specially crafted message:
- Execute arbitrary code
- Escalation of privileges
- Bypass security restrictions
Now, CERT-In notes it is the iPhone users with iOS version before iOS 16.7 that are primarily at risk.
So, here’s what you ought to do:
Update Apple devices including iPhone
iPhone users
Step 1: Go to iOS Settings on your iPhone
Step 2: Tap on General
Step 3: Tap on Software Update
Step 4: If your iPhone shows any pending updates, download and update the device to the latest iOS version.
That’s all.
Similarly, you can update other Apple devices. For example, you can update your MacBook by going to the Apple menu > System Settings > General > Software Update.
