News Brief

India's Cybersecurity Agency Flags 'High-Risk' Vulnerability In Apple Products: Here's All You Need To Know

Kuldeep Negi

Apr 03, 2024, 02:32 PM | Updated 02:36 PM IST



India's cybersecurity agency has issued a high-risk warning for users of Apple's iPhones, MacBooks, iPads, and Vision Pro headsets.

The advisory, issued by the Indian Computer Emergency Response Team (CERT-In), highlights a critical vulnerability that could allow "remote code execution" in various Apple products.

The vulnerability affects a range of Apple software and hardware, including Apple Safari versions prior to 17.4.1, Apple macOS Ventura versions prior to 13.6.6, Apple macOS Sonoma versions prior to 14.4.1, Apple visionOS versions prior to 1.1.1, Apple iOS and iPadOS versions prior to 17.4.1, and Apple iOS and iPadOS versions prior to 16.7.7.

This vulnerability poses a significant threat as it allows remote attackers to execute arbitrary code on the targeted systems.

The exploit leverages an out-of-bounds write issue in WebRTC and CoreMedia, enabling attackers to compromise devices remotely.

Devices at risk include iPhone XS, iPad Pro (12.9-inch, 10.5-inch, and 11-inch), iPad Air, iPad, iPad mini with iOS and iPadOS versions earlier than 17.4.1, and iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro (9.7-inch, and 12.9-inch 1st generation) with iOS and iPadOS versions earlier than 16.7.7.

Additionally, MacBooks with macOS Ventura versions before 13.6.6 and macOS Sonoma versions before 14.4.1, and Apple Vision Pro headsets with visionOS versions before 1.1.1, are vulnerable.

CERT-In advises updating to the latest versions of iOS, iPadOS, macOS, and visionOS with security patches. It recommends avoiding unsecured or public Wi-Fi networks, enabling Two-Factor Authentication (2FA), downloading apps only from trusted sources like the Apple App Store, and regularly backing up data to prevent data loss from security breaches or system failures.


Kuldeep is Senior Editor (Newsroom) at Swarajya. He tweets at @kaydnegi.

