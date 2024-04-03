The Indian Computer Emergency Response Team (CERT-In) has issued a stern "high-risk" warning concerning users of various Apple products, including iPhones, MacBooks, iPads, and Vision Pro headsets. {{^adFree}} {{/adFree}}

CERT-In is an office within the Ministry of Electronics and Information Technology of the Government of India. It is the nodal agency to deal with cyber security incidents. It strengthens security-related defence of the Indian Internet domain.

As per the agency, the vulnerability is reported to impact a broad spectrum of Apple software and hardware, encompassing Apple Safari versions preceding 17.4.1, Apple macOS Ventura versions prior to 13.6.6, Apple macOS Sonoma versions before 14.4.1, Apple visionOS versions preceding 1.1.1, as well as Apple iOS and iPadOS versions before 17.4.1 and 16.7.7, respectively.

This security flaw poses a significant threat as it empowers remote attackers to execute arbitrary code on the targeted systems. The exploit capitalizes on an out-of-bounds write issue detected in WebRTC and CoreMedia. As a consequence, this will help the attackers to compromise the security of the device remotely.

The government agency has further cautioned that users of iPhone XS, iPad Pro (12.9-inch, 10.5-inch, and 11-inch models), iPad Air, iPad, and iPad mini are vulnerable if their devices are running on iOS and iPadOS versions prior to 17.4.1.

Additionally, it is advisable that users of iPhone 8, iPhone 8 Plus, iPad Pro (9.7-inch and 12.9-inch 1st generation models), iPhone X, and iPad 5th generation also update their devices to iOS and iPadOS versions 16.7.7 or later, in order to protect themselves against the vulnerability.

It is also strongly recommended that MacBook users update their systems, particularly those using macOS Ventura versions prior to 13.6.6 and macOS Sonoma versions prior to 14.4.1. Furthermore, users of the Apple Vision Pro headset should exercise caution regarding the vulnerability found in visionOS versions prior to 1.1.1.

In response to these developments, CERT-In has issued several precautionary measures aimed at reducing the risk of compromise:

Ensure that Apple iOS, iPadOS, macOS, and visionOS are promptly updated to the latest versions that include essential security patches.

Prioritize network security by avoiding connections to unsecured or public Wi-Fi networks to minimize the risk of unauthorized access.

Strengthen security measures by implementing Two-Factor Authentication (2FA) to protect against potential credential compromises.

Exercise caution when downloading apps and software, opting only for reputable sources like the Apple App Store to mitigate the risk of malware.

Regularly backup important data to proactively safeguard against data loss resulting from security breaches or system failures.

