Center warns of ‘high’ risk security flaws in iPhones, other Apple products

The alert advises users to update their Apple devices to the latest software versions.

Days after Apple launched its highly anticipated iPhone 16 series, the Indian Computer Emergency Response Team (CERT-In) has issued a high-risk alert regarding multiple security flaws found in several Apple products. The alert, issued on September 19, covers a wide range of Apple software versions, including iOS, iPadOS, macOS, watchOS, and visionOS.

Products covered by the alert

The CERT-In alert lists the following affected Apple products:

  • iOS: versions older than 18 and 17.7
  • iPadOS: versions prior to 18 and 17.7
  • macOS Sonoma: versions earlier than 14.7
  • macOS Ventura: versions earlier than 13.7
  • macOS Sequoia: versions older than 15
  • tvOS: versions older than 18
  • watchOS: versions earlier than 11
  • Safari: versions older than 18
  • Xcode: versions earlier than 16
  • visionOS: versions earlier than 2

Key Risks and Impacts

These vulnerabilities are rated as “high” risk. If exploited, they could allow attackers to:

  • Gain unauthorized access to confidential information
  • Execute arbitrary code on the device
  • Bypass critical security restrictions
  • Cause Denial of Service (DoS) conditions
  • Elevate privileges to gain control over the system
  • Conduct spoofing attacks
  • Carry out cross-site scripting (XSS) attacks

Potential Impacts by Product

  • iOS and iPadOS: Users with iOS versions older than 18 or 17.7 may be subject to DoS attacks, information disclosure, and security restriction bypasses.
  • macOS (Sonoma, Ventura, Sequoia): Users of older versions of macOS may encounter data manipulation, DoS attacks, privilege escalation, and cross-site scripting attacks.
  • tvOS and watchOS: These products are exposed to similar threats: DoS attacks, XSS attacks, and information disclosure.
  • Safari and Xcode: Older versions may be vulnerable to spoofing and security restriction bypasses.
  • visionOS: Users may be vulnerable to data manipulation, DoS attacks, and information disclosure.

CERT-In Recommendations

The warning urges users to update their Apple devices to the latest software versions to mitigate the risk. Users are also advised to monitor their devices for any unusual activity and ensure that appropriate cybersecurity measures are in place.