BEWARE Apple users! Government issues high security warning for iPhones, MacBook and iPad users
The Indian Computer Emergency Response Team or CERT-In has issued a high severity warning for users of Apple products in India. The agency has found multiple vulnerabilities that could allow hackers to access information on a user’s device.
FollowCERT-In or the Indian Computer Emergency Response Team has issued a warning for Apple products. The agency has given a ‘high’ severity rating to the issue. The government agency has discovered a "remote code execution vulnerability" in Apple devices. This weakness might allow a hacker to remotely access a device and run "arbitrary code on the targeted system," leaving it open to exploitation.
The vulnerability, according to the CERT-In alert, affects owners of iPhones and iPads running iOS and iPadOS versions earlier than 17.4.1.
All iPhone models after the iPhone XS, iPad Pro 12.9-inch 2nd generation and after, iPad Pro 10.5-inch and all versions after, iPad Pro 11-inch 1st generation and later, iPad Air gen 3 and later, iPad gen 6 and later, and iPad mini version after gen 5 are compatible with this version.
Also Read | Apple likely to launch entry-level AirPods Lite this year, may cost THIS much
Prior to the 16.7.7 update, which is compatible with the iPhone 8, iPhone 8 Plus, iPhone X, iPad gen 5, iPad Pro 9.7-inch, and iPad Pro 12.9-inch gen 1, the vulnerability also affects versions of iOS and iPad.
Additionally, Apple Safari versions older than 17.4.1, which is compatible with macOS Monterey and macOS Ventura, are also vulnerable to remote code execution.
Users of MacBooks running macOS Sonoma versions earlier than 14.4.1 and macOS Venture versions earlier than 13.6.6 are also impacted by this vulnerability.Users of the Vision Pro headset are also cautioned, in addition to owners of the iPhone, iPad, and MacBook, because of a vulnerability in VisionOS versions prior to 1.1.1.
An "out-of-bounds write issue in WebRTC and CoreMedia" is the cause of the problem, according to the vulnerability note on the CERT-In website. This implies that the security hole may allow a hacker to deceive a user into clicking on a particular link, which they might then exploit to launch a remote attack on the device. The vulnerability statement on the CERT-In website states that "successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the targeted system."
