Indian government issues high-risk warning for Apple users
What's the story
India's Computer Emergency Response Team (CERT-In) has issued a "high-risk" warning for Apple users across the country. The alert pertains to a critical vulnerability discovered in various Apple devices, including iPhones, MacBooks, iPads, and Vision Pro headsets. This flaw is associated with "remote code execution" and affects a broad range of Apple software and hardware.
Security flaw
Vulnerability allows remote code execution on devices
The vulnerability allows remote attackers to run arbitrary code on the targeted systems. This flaw exploits an out-of-bounds write issue in WebRTC and CoreMedia, potentially enabling attackers to remotely compromise devices. CERT-In's advisory specifically mentions that users of iPhone XS, iPad Pro models, iPad Air, iPad, and iPad mini could be at risk if their devices are running on outdated iOS and iPadOS versions.
Device risk
Warning extends to various Apple devices and software
The warning also applies to users of iPhone 8 series, iPhone X, and certain iPad models if their devices have not been updated to the latest iOS and iPadOS versions. MacBook users are also advised to update their systems as older versions of macOS Ventura and macOS Sonoma are susceptible to this vulnerability. Owners of the Apple Vision Pro headset should be aware of this security flaw in older visionOS versions.
Security measures
CERT-In suggests precautionary measures for users
To mitigate the risk of compromise, CERT-In recommends several precautionary measures. These include updating all Apple software to the latest versions with security patches and avoiding unsecured or public Wi-Fi networks. Users are also encouraged to enable Two-Factor Authentication (2FA), download apps only from trusted sources like App Store, and regularly back up important data.