The Indian Computer Emergency Response Team (CERT-In) has recently issued a warning concerning several Apple products, including the iPhone, iPad, Mac, among others. This advisory highlights the discovery of numerous ‘high’ severity vulnerabilities across various Apple operating systems, which are instrumental in powering the tech giant’s range of devices. These critical weaknesses, if exploited, could enable unauthorized individuals to gain access to the devices and potentially allow attackers to execute arbitrary code remotely.
Specifically, the vulnerabilities affect a range of software versions, including Apple visionOS versions earlier than 1.1, available for Apple Vision Pro; Apple tvOS versions earlier than 17.4, which run on Apple TV HD and Apple TV 4K (all models); Apple watchOS versions earlier than 10.4, applicable for Apple Watch Series 4 and later; and Apple macOS versions Monterey prior to 12.7.4, Sonoma prior to 14.4, and Ventura prior to 13.6.5. Furthermore, Apple Xcode versions before 15.3 (for macOS Sonoma 14 and later) and Apple GarageBand versions prior to 10.4.11 (for macOS Ventura and Sonoma) are also on the list of affected software.
The government body has elaborated that these vulnerabilities could allow an attacker to bypass security restrictions, execute arbitrary code, disclose sensitive information, gain elevated privileges, or cause a denial of service condition on the targeted system. It’s a situation that puts a considerable number of devices at risk, given Apple’s significant market presence worldwide.
As a remedy to this critical issue, CERT-In has recommended that users ensure their devices are updated to the latest available version of the operating system to safeguard against potential exploitation of these vulnerabilities. This proactive measure is essential to secure the devices from potential cyber threats that could exploit these vulnerabilities.
The listed vulnerabilities come with multiple CVE (Common Vulnerabilities and Exposures) numbers, indicating the wide array of potential security issues found across Apple products. The CVE identifiers associated with these vulnerabilities include CVE-2022-42816, CVE-2022-48554, CVE-2023-28826, CVE-2023-42853, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, and a series of identifiers extending into 2024, ranging from CVE-2024-0258 up to CVE-2024-23300.
The TOI Tech Desk, a team dedicated to delivering pertinent news from the technology sector to readers of The Times of India, is actively covering this development. Their commitment to reporting spans across various facets of technology — from gadget launches, reviews, trends, in-depth analyses to exclusive reports and breaking stories impacting the tech and digital universe. Through meticulous reporting, TOI Tech Desk aims to keep its audience informed about significant developments such as this to enhance awareness and promote cybersecurity across the digital ecosystem.
Source