Centre advisory reveals 'high' severity Apple vulnerabilities prior to 'warning messages'; check details

Days before Apple issued warnings to certain users, including opposition MPs in India, about "state-sponsored attackers" targeting their devices, a government advisory addressed the presence of "multiple vulnerabilities" in Apple's products and assessed them with a "high" severity rating.

On October 27, the Computer Emergency Research Team, or CERT, released the advisory four days before images were circulated on social media platforms, including X (formerly Twitter), showing messages or emails from Apple stating, "ALERT: State-sponsored attackers may be targeting your iPhone."

Parliamentary panel may summon Apple officials over iPhone hacking claim

The advisory identified vulnerabilities in several versions of Apple's operating systems, including iOS and iPadOS versions "prior to 17.1," macOS Sonoma versions "prior to 14.1," Ventura versions "prior to 13.6.1," and Monterey versions "prior to 12.7.1," which were all susceptible to exploitation by potential hackers. The advisory also included Safari (Apple's web browser) versions "prior to 17.1," as well as Apple's tvOS and watchOS systems.

The advisory highlighted that these vulnerabilities could permit attackers to access sensitive data, execute arbitrary code, bypass security safeguards, trigger Denial of Service (DoS) conditions, evade authentication, gain elevated privileges, and carry out spoofing attacks on the targeted system.

The advisory provided links to nine Apple software updates designed to rectify these vulnerabilities and directed users to technical support pages for further information on Apple's operating systems.

Apple on hacking claims: We do not attribute threat notifications to any specific state-sponsored attacker

Additionally, CERT emphasized that the information was shared "as is," without any warranty.

On Tuesday, several opposition MPs, including Shashi Tharoor of the Congress, Priyanka Chaturvedi of the Shiv Sena (UBT), and Mahua Moitra of the Trinamool, revealed that they had received messages from Apple warning them about "state-sponsored attackers" attempting unauthorized access to their iPhones.

Apple acknowledged the possibility of certain threat notifications being false alarms, explaining that its ability to detect potential hacking attempts relied on often imperfect and incomplete threat intelligence signals.

In response, IT Minister Ashwini Vaishnaw ordered a comprehensive investigation into Apple's warning messages.