'Very Critical': CERT sounds alert for iPhone users, flags 'multiple vulnerabilities' in Apple devices
CERT has issued an advisory for iPhone and other Apple device users, flagging 'multiple vulnerabilities' in the company's software that could put user data at risk.
The Indian Computer Emergency Response Team (CERT-In) has identified 'multiple vulnerabilities' in iPhones and iPads, other Apple devices such as macOS and watchOS, which could allow an attacker to bypass device security and gain access to sensitive user information. .
“Several vulnerabilities have been reported in Apple products that could allow an attacker to access sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service (DoS), and perform spoofing attacks on the target system,” the central agency said in a statement. Instructions issued on August 2.
According to CERT's advisory, the vulnerabilities exist in iOS, iPadOS as well as some macOS versions and older versions of Apple's Safari web browser.
According to CERT, the affected versions of Apple OS are:
- iOS versions below 17.6
- iPadOS below 16.7.9
- macOS Sonoma versions below 14.6
- Versions of macOS Ventura prior to 13.6.8
- Below macOS Monterey 12.7.6
- watchOS versions below 10.6
- Versions prior to tvOS 17.6
- visionOS below 1.3
In addition, the vulnerabilities are also present in Safari web browser versions lower than 17.6, the CERT advisory indicated, and urged users to apply all Apple-recommended software patches to mitigate these security risks.
Interestingly, Apple has yet to confirm any security risks flagged by CERT.
Earlier, in May this year, the central government agency had issued a similar warning to users of iPhones and other Apple devices, flagging a critical vulnerability that could allow attackers to access user data through “remote code execution”.