Centre issues high security warning for Apple iPhone, MacBook, and iPad users
The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk security advisory for Apple product users, including iPhones, MacBooks, iPads, and Vision Pro headsets. The advisory points out a critical vulnerability related to remote code execution in these devices.
The vulnerability impacts a variety of Apple software and hardware, such as Safari versions before 17.4.1, macOS Ventura versions before 13.6.6, macOS Sonoma versions before 14.4.1, visionOS versions before 1.1.1, and iOS and iPadOS versions before 17.4.1 and 16.7.7.
This vulnerability is a significant risk as it enables remote attackers to run arbitrary code on the targeted systems. The exploit uses an out-of-bounds write issue in WebRTC and CoreMedia, allowing attackers to remotely compromise devices.
The advisory states that users of iPhone XS, iPad Pro (12.9-inch, 10.5-inch, 11-inch), iPad Air, iPad, and iPad mini are vulnerable if their devices run iOS and iPadOS versions before 17.4.1. Also, users of iPhone 8, iPhone 8 Plus, iPhone X, iPad (5th generation), iPad Pro (9.7-inch, 12.9-inch 1st generation) are at risk if their devices are not updated to iOS and iPadOS versions 16.7.7 or later.
MacBook users are also advised to update their systems, as macOS Ventura versions before 13.6.6 and macOS Sonoma versions before 14.4.1 are vulnerable. Additionally, Apple Vision Pro headset users should be aware of the vulnerability in visionOS versions before 1.1.1.
To ensure safety, users are advised to update Apple iOS, iPadOS, macOS, and visionOS to the latest versions with security patches.
They are advised to avoid connecting to unsecured or public Wi-Fi networks to reduce the risk of unauthorised access.
They can enable Two-Factor Authentication (2FA) to provide an additional layer of security against potential credential compromises.
They should only download apps and software from trusted sources like the Apple App Store to lessen the risk of malware.
They are advised to regularly back up important data to protect against data loss due to security breaches or system failures
