The Computer Emergency Response Team (CERT-In), a branch of India's Ministry of Electronics and Information Technology, has issued a "high" security alert for users of Apple devices. CERT-In's official website has raised concerns about several vulnerabilities that, if not addressed, could lead to unauthorized access to users' phones and the potential theft of sensitive data.
Specifically, CERT-In has highlighted significant security flaws in the WebKit browser engine, utilized by browsers like Safari. This poses a serious risk to users of Apple products such as iPhones and Apple Watches.
Exploiting these vulnerabilities could enable attackers to deceive users into visiting harmful websites or opening malicious attachments. This could potentially grant unauthorized access to the user's personal data and files, and even facilitate the installation of malware on their device.
The official note states, "Multiple vulnerabilities have been reported in Apple products which could allow an attacker to execute arbitrary code, escalation of privileges or bypass security restrictions on the targeted system."
In simpler terms, Apple device users are at risk of having their personal information stolen or their devices infected with malware if they are not cautious about the links they click or attachments they open.
CERT-In emphasizes that these vulnerabilities are actively being exploited in the wild in versions of iOS preceding iOS 16.7. The following Apple devices are particularly susceptible:
- Apple macOS Monterey versions before 12.7
- Apple macOS Ventura versions before 13.6
- Apple watchOS versions before 9.6.3
- Apple watchOS versions before 10.0.1
- Apple iOS versions before 16.7 and iPadOS versions before 16.7
- Apple iOS versions before 17.0.1 and iPadOS versions before 17.0.1
- Apple Safari versions before 16.6.1
To ensure personal data safety, the national authority overseeing cybersecurity strongly advises promptly installing the latest updates for watchOS, tvOS, and macOS on Apple devices. Neglecting these software vulnerabilities in devices like Apple Watches, TVs, iPhones, and MacBooks could potentially expose them to unauthorized access by malicious actors. Apple has provided the necessary upgrades to address this issue on their official website, cert-in.org.in.
Furthermore, users of Apple iPhone, iPad, and WatchOS can benefit from the latest software version, which includes improved security features and device enhancements.