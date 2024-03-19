CERT-In issued high severity warnings for iPhones, iPads, Safari browser, Vision Pro, MacBooks, and Apple Watches due to vulnerabilities that could be exploited by attackers. Users are advised to update their devices to the latest versions to protect against security risks.

Indian Computer Emergency Response Team (CERT-In), the cyber security watchdog under the Ministry of Electronics and Information Technology (MeitY), has issued a high severity warning for iPhones and iPad users, highlighting certain vulnerabilities that could be exploited by a potential attacker. CERT-In has also issued a follow-up alert for other products, including the Safari browser, Vision Pro, MacBooks and Apple Watches. {{^adFree}} {{/adFree}}

In the first warning, issued on March 15, CERT-In said several vulnerabilities had been found in Apple's iOS and iPadOS that “allow an attacker to trigger denial of service condition, execute arbitrary code, sensitive information disclosure and bypass security restriction on the targeted system." {{^adFree}} {{/adFree}}

The cybersecurity agency said these vulnerabilities exist for a number of reasons, including improper validation in Bluetooth, MediaRemote, Photos, Safari and Webkit components. There are also privacy-related issues in ExtensionKit, Share Sheet, memory corruption, lock screen and timing side channel.

Which devices are affected? According to the warning by CERT-In, the issue affected iOS and iPadOS devices running on versions prior to 16.7.6 like the iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation. Moreover, the issue also affects iOS and iPadOS versions prior to 17.4 versions like the iPad Pro 10.5 and 11 inches, iPad Air 3rd gen and iPad Air 6th generation and later versions.

CERT-In states that users should update their iPhones and iPads to the latest version in order to protect themselves from these vulnerabilities. Moreover, older devices that aren't a part of the update cycle are advised to apply the appropriate security patches from Apple's website.

Vulnerabilities with Vision Pro, MacBooks and Apple TV: In yet another advisory issued on March 19, CERT-In stated that multiple vulnerabilities have been reported in Apple products that could be exploited by a potential attacker. Without going into the details of the vulnerabilities, the cybersecurity watchdog stated that these vulnerabilities could be used by attacker to “execute arbitrary code, bypass security restrictions, disclose sensitive information, gain elevated privileges or cause denial of service condition on the target system."

These vulnerabilities affect devices like the Apple Vision Pro, Apple TV HD, Apple TV 4K, Apple Watch Series 4 and later editions along with Apple macOS Soonoma 14 and later editions. {{^adFree}} {{/adFree}}

