The Indian Computer Emergency Response Team (CERT-In), a key government cybersecurity agency, has issued a critical warning for users of Apple products, citing a ‘high’ severity level for a newly discovered vulnerability. According to CERT-In’s advisory, a ‘remote code execution vulnerability’ has been identified across several Apple devices, posing a significant risk to user security.
This vulnerability primarily affects iPhone and iPad users operating on iOS and iPadOS versions prior to 17.4.1, alongside users of earlier Apple Safari versions before 17.4.1, and certain macOS versions. Devices susceptible include all iPhone models post-iPhone XS, iPad Pro (12.9-inch 2nd generation and later), iPad Pro (10.5-inch and later), iPad Pro (11-inch 1st generation and later), iPad Air (3rd generation and later), iPad (6th generation and later), and iPad mini (5th generation and later). Additionally, the issue extends to older devices running iOS and iPadOS versions before 16.7.7, including the iPhone 8, iPhone 8 Plus, iPhone X, along with specific iPad and MacBook models. Moreover, Apple’s Vision Pro headset users are also at risk due to vulnerabilities in VisionOS versions prior to 1.1.1.
The core of the security flaw lies in an ‘out-of-bounds write issue in WebRTC and CoreMedia’, which can be exploited by attackers through deception—enticing victims to click on malicious links that enable remote access and execution of arbitrary code on the targeted device.
In light of these findings, CERT-In has outlined several recommendations to safeguard against potential exploitation. Users are urged to update their Apple devices to the latest available software versions, including iOS, iPadOS, macOS, and Safari, to incorporate security fixes addressing this vulnerability. Applying security patches as soon as they are released by Apple is crucial to maintaining the integrity of device security.
Additional protective measures include the prioritization of secure network connections and avoidance of unsecured or public Wi-Fi to minimize the risk of unauthorized access. Enabling Two-Factor Authentication (2FA) is recommended for an added security layer, alongside cautious downloading practices, ensuring only trusted sources such as the Apple App Store are used for app and software installations. Regular data backups and staying informed through alerts from reputable sources like CERT-In or Apple further contribute to the resilience against such vulnerabilities.
As digital threats continue to evolve, adhering to these precautionary steps is paramount for users to protect their devices and personal information from potential cyber-attacks.
Source
