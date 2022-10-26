Apple iPhone and iPad users could be at risk. According to an advisory issued by the Indian Computer Emergency Response Team (CERT-In), multiple vulnerabilities have have been reported in Apple iOS and iPadOS that could allow a remote attacker to gain access to sensitive information, execute arbitrary code, spoofing of the interface address or denial of service conditions on the targeted device.
Which Apple devices are impacted?
As per the advisory, Apple iOS 16.1, Apple iOS versions prior to 16.0.3 and iPadOS versions prior to 16 are affected by the vulnerability – CVE-2022-42827. List of impacted devices include Apple iPhone 8 and later, iPad Pro Call models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
Why does the vulnerability exist in Apple devices?
In its advisory, CERT-In says that these vulnerabilities exist in Apple iOS and iPadOS due to
- Improper security restrictions in AppleMobileFileIntegrity component
- Improper bounds check in Avevideoencoder component; Improper validation in CrNetwork component
- Improper entitlement in Core Bluetooth component
- Improper memory handling in GPU Drivers component
- Memory corruption issue in IOHIDFamily component