Indian government warns Apple users of multiple vulnerabilities: Know solution
The Indian Computer Emergency Response Team or CERT-In has discovered medium to high-severity vulnerabilities and issued an advisory to Apple Watch, TV, and Macbook users. The nodal agency under the Ministry of Electronics and Information Technology (MeitY), has asked users to update their devices with the latest watchOS, tvOS, and macOS versions to safeguard their data from prying eyes. Here's the complete report.
Why does this story matter?
CERT-In is responsible for protection against cyber security threats like hacking and phishing. It involves a group of information security experts, who aim to tighten the security of India's internet domain. The MeitY wing has issued several advisories between March 31 and April 3 on its official website, giving Apple product users a warning, and asking them to take immediate precautions.
Safari web browser versions prior to 16.4 have been affected
According to the notification from March 31, Apple's proprietary web browser, Safari (with versions before 16.4) has been affected by multiple vulnerabilities. The attackers can exploit these vulnerabilities to persuade a victim and gain access to the information on their system. The flaw has appeared due to "improper state management" and disclosing of origin information in the WebKit component, says CERT-In.
Multiple versions of tvOS and WatchOS are under the scanner
Several tvOS and WatchOS versions prior to 16.4 and 9.4, respectively, have also been affected. According to the nodal agency, the vulnerabilities reported in tvOS and WatchOS versions can allow hackers to bypass privacy preferences, execute arbitrary code with kernel preferences, and collect users' sensitive data. AppleMobileFileIntegrity, Identity Services, TCC, Find My Shortcuts and WebKit, and more have been reported as the cause.
macOS Ventura, Big Sur, and Monterey are also in trouble
CERT-In has also reported vulnerabilities for Macs running macOS Ventura, Big Sur, and Monterey with versions before 13.3, 11.7.5, and 12.6.4, respectively. The flaws may allow attackers to disclose sensitive information, spoof VPN servers, bypass security restrictions, gain root privileges, read or modify information, execute arbitrary codes, and even cause a denial of service conditions on a Mac.
A specially crafted app is what hackers need
The flaws in macOS Ventura, Big Sur, and Monterey exist due to memory issues, improper checks and input validation, improper state management, privacy and logic issues, and an older VIM version. Hackers can exploit these vulnerabilities with specially crafted apps.
Update your device to the latest version immediately
CERT-In is advising users to update their system with the latest update to safeguard their data. To upgrade Safari, head to the App Store on Mac, and click "Updates" in the App Store toolbar. Now, use the "Update" button to download and install any listed update. Similarly, individuals are recommended to get the newer Apple tvOS, watchOS, and macOS versions.