The government has issued a warning to certain Apple users, citing two software vulnerabilities that could result in a “high risk of unauthorized access, data theft, or gain control (by hackers) of the affected system”.
This ‘high’ severity issue affects Intel-based Mac systems, which include macOS, iOS, and iPadOS devices, according to the advisory issued by the Indian Computer Emergency Response Team (CERT-In), which comes under the Ministry of Electronics and Information Technology.
“Two vulnerabilities were reported in Apple products, which could be exploited by an attacker to execute arbitrary code or perform XSS attacks on the affected device,” CERT-In wrote in the advisory.
Which Apple users specifically are under threat?
The vulnerabilities, which can lead to “potential for unauthorized access to sensitive user information, denial of service and data manipulation,” affect the following software versions:
- Apple iOS and iPadOS versions prior to 18.1.1
- Apple iOS and iPadOS versions prior to 17.7.2
- Apple macOS Sequoia versions prior to 15.1.1
- Apple visionOS versions prior to 2.1.1
- Apple Safari versions prior to 18.1.1
What can vulnerable Apple users do?
CERT-In advises Apple users to whom the advisory applies to update their devices to the latest software versions, as mentioned in Apple Security Updates, to mitigate the risks.
More precisely, iPhone and iPad users have to update to iOS 18.1.1 or iOS 17.7.2, Mac users have to install macOS Sequoia 15.1.1, Apple visionOS users have to update to version 2.1.1, and Safari users should update it to version 18.1.1.
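For administrators checking more than one device, the version list above can be turned into an inventory check. This is an added example, not code from CERT-In, Apple or the original article; the function names, the sample inventory and the rule of matching each device to the fix for its own major release are assumptions.

```python
# Fixed versions as listed in the advisory quoted on this page.
# iOS and iPadOS have two patched branches (17.x and 18.x).
FIXED = {
    "ios": ["17.7.2", "18.1.1"],
    "ipados": ["17.7.2", "18.1.1"],
    "macos": ["15.1.1"],
    "visionos": ["2.1.1"],
    "safari": ["18.1.1"],
}
# The advisory names macOS Sequoia (15.x) only, so other macOS majors are not flagged.
BRANCH_ONLY = {"macos"}

def parse(version):
    """Turn '18.1' into (18, 1, 0) so versions compare numerically."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def advisory_target(product, version):
    """Return the fixed version to install, or None if the listed ranges do not flag it."""
    product = product.lower()
    installed = parse(version)
    fixes = sorted(parse(f) for f in FIXED[product])
    same_branch = [f for f in fixes if f[0] == installed[0]]
    if same_branch:
        target = same_branch[0]  # assumption: stay on the device's own major release
    elif product in BRANCH_ONLY:
        return None
    else:
        newer = [f for f in fixes if f > installed]
        target = newer[0] if newer else None  # older major: lowest listed fix
    if target is None or installed >= target:
        return None
    return ".".join(str(n) for n in target)

INVENTORY = [  # constructed sample data: (host, product, installed version)
    ("iphone-01", "iOS", "17.7.1"),
    ("iphone-02", "iOS", "17.7.2"),
    ("ipad-01", "iPadOS", "18.1"),
    ("mac-01", "macOS", "15.1.1"),
    ("mac-02", "macOS", "15.0.1"),
    ("vision-01", "visionOS", "2.1"),
]

def audit(inventory):
    """Map each host that still needs an update to the version it should install."""
    results = ((host, advisory_target(prod, ver)) for host, prod, ver in inventory)
    return {host: target for host, target in results if target}

if __name__ == "__main__":
    for host, target in audit(INVENTORY).items():
        print(f"{host}: update to {target}")
```

Comparing versions as plain strings would get this wrong: a device on 17.7.2 is patched even though it sorts below 18.1.1, which is why each device is matched against the fix for its own branch.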
What are the technical details of the vulnerabilities in the Apple products?
CERT-In says the vulnerability in the Safari browser exists in JavaScriptCore, which the browser uses to process JavaScript.
“An attacker could exploit this issue to execute arbitrary code execution by sending maliciously crafted web content to the affected device,” the advisory read.
CERT-In also mentioned a cross-site scripting vulnerability in WebKit, the engine that powers Safari and web content on Apple devices.
“An attacker could exploit this issue by sending maliciously crafted web content to trigger cross-site scripting (XSS) on the affected device,” CERT-In wrote.