Summarize

Simplifying... Inshort

Apple users, heads up!
CERT-In has flagged 'high-risk' security flaws in several Apple products and software versions, including iOS, iPadOS, macOS, tvOS, watchOS, Safari, Xcode, and visionOS.
If not addressed, these vulnerabilities could lead to data manipulation, DoS attacks, and information leaks.
To stay safe, it's recommended to update your software to the latest version and keep an eye out for any suspicious activity.

Was a long read? Making it simpler...

Next Article

Apple users are urged to update their devices

Apple users beware! CERT-In warns of 'high-risk' security flaws

By Akash Pandey

Sep 23, 2024

03:26 pm

What's the story

India's leading cybersecurity agency, the Computer Emergency Response Team-India (CERT-In), has issued a warning about significant vulnerabilities in various Apple products. The alert, released on September 19, identifies security risks across multiple Apple software platforms including iOS, iPadOS, watchOS, macOS, and visionOS. The cybersecurity agency has warned that if these vulnerabilities are not addressed, they could potentially allow attackers to access sensitive information on these devices. This warning coincides with the global launch of Apple's iPhone 16 series.

Software risks

Vulnerabilities identified in specific software versions

CERT-In has specifically identified the following Apple products and software versions as being at high risk: iOS and iPadOS (versions prior to 18 and 17.7), macOS Sonoma, Ventura, Sequoia (versions prior to 14.7, 13.7, and 15 respectively), tvOS (versions prior to 18), watchOS (versions prior to 11), Safari (versions prior to 18), Xcode (versions prior to 16) and visionOS (versions before version two).

Impact

CERT-In outlines potential impacts on products

CERT-In has also outlined potential impacts if the loopholes are not fixed. Users with iOS and iPadOS versions prior to 18 or 17.7 could face DoS attacks, information disclosure, and security restriction bypassing. Older versions of macOS may experience data manipulation, DoS, privilege elevation, and cross-site scripting. tvOS and watchOS products face similar risks while older Safari and Xcode versions could be vulnerable to spoofing and security restriction bypassing. visionOS users could face data manipulation, DoS attacks, and information leaks.

Mitigation measures

Apple users advised to update their software

In response to these security concerns, CERT-In has advised all Apple users to install the latest software update on their devices and stay vigilant about any unauthorized activity. The agency has also urged users to ensure proper security measures are in place. This advisory was issued just days after the launch of the highly anticipated iPhone 16 series, underscoring its urgency.

Past alerts

Previous warnings and Apple's response

This is not the first time CERT-In has issued such warnings. Earlier this month, the agency also warned about vulnerabilities in Google Chrome browser. However, it should be noted that these vulnerabilities only affected users prior to 128.0.6613.119/.120 for Windows and macOS and in versions prior to 128.0.6613.119 for Linux. In response to the current alert, Apple has reportedly fixed these vulnerabilities in its latest software updates, urging users to update their devices immediately for enhanced security.