India government warns of multiple vulnerabilities in Apple's iPhones, iPads
The Indian Computer Emergency Response Team (CERT-In) has issued a warning against security attacks in Apple's iPhones and iPads. According to the official advisory, the CVE-2022-42827 issue affects Apple iOS 16.1, iOS versions previous to 16.0.3, and iPadOS versions prior to 16. Users are asked to upgrade their devices to the latest software version in order to safeguard their privacy.
Why does this story matter?
Apple products are widely known for their impenetrable security features. The company closes any loopholes which emerge over time by regularly supplying software updates. However, things do not look good as the government has declared this vulnerability as 'high severity.' If you use any of the affected iPads or iPhones, exercise caution and ensure your devices are up to date with the latest software.
Which products are prone to the attack?
According to CERT-In, the following devices are already a victim of the CVE-2022-42827 issue. The list includes iPhone 8 and later models, iPad (5th generation) onward, iPad Air (3rd generation) and later, iPad mini (5th generation), and iPad Pro models. Devices running Apple iOS 16.1 or versions before 16.0.3, and iPadOS versions before 16 are also prone to attacks.
What is the reason behind the issue?
The cybersecurity service warns that the vulnerability is being exploited in the wild. The reasons for the attack, include: Improper security restrictions and improper path validation in the Sandbox component. Memory corruption issue in the IOHIDFamily component. Improper security restrictions in AppleMobileFileIntegrity component. Improper UI handling, Type confusion and Logic issues in the Webkit component. Improper entitlement in Core Bluetooth component.
Here's what the advisory says
"A remote attacker could exploit these vulnerabilities by persuading the victim to open a specially crafted file or application," reads the official statement. "Successful exploitation of these vulnerabilities could allow the attacker to gain access to sensitive information, execute arbitrary code, spoofing of the interface address or denial of service conditions on the targeted system."
What precautions can be taken?
There are certain measures which you can take to avoid the attacks. Upgrade your device/s to the latest software update to avail the features offered by Apple Security. Ensure to apply the necessary security patches.