Apple iPhones and iPads Subject to Multiple Vulnerabilities with latest iOS and iPadOS Versions, Warns Cert-In

The CVE-2022-42827 issue affects Apple iOS 16.1, Apple iOS versions previous to 16.0.3, and iPadOS versions prior to 16.

297944

Apple recently released the new iOS 16.1 and iPadOS 16.1 for its iPhones and iPads. The new iOS and iPadOS updates introduce a bunch of new features and also claim to fix multiple bugs and issues experienced by users previously. It looks like the new update has also introduced some new bugs and vulnerabilities in iOS 16.1. 

An Economic Times report, citing an advisory by the Indian Computer Emergency Response Team (Cert-IN), revealed that the latest iOS and iPadOS updates include a bunch of vulnerabilities that could allow hackers to remotely access a user’s private data, run arbitrary code and spoof the interface address. The hackers could also run denial of service programs remotely on the victim’s device.

Apple iPhones running iOS 16 Prone to Hacks

The Cert-IN, in its advisory, stated that several Apple iPhones and iPads running iOS 16.1 and versions prior to iOS 16.0.3 are vulnerable to cyber-attacks. The issue also pertains to devices running iPadOS prior to the latest iPadOS 16.1. The CVE-2022-42827 issue affects Apple iOS 16.1, Apple iOS versions previous to 16.0.3, and iPadOS versions prior to 16. Apple iPhone 8 and after, iPad Pro Call models, iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later are among the list of afflicted devices, according to the advisory shared by the Cert-IN.

The cyber security watchdog further stated that the severity of the vulnerability is high and exists due to inadequate security controls in the AppleMobileFileIntegrity component among a slew of other factors.

The attacker could exploit these vulnerabilities by persuading the victim to open a specially crafted file or application. These files or apps might seem fine at a surface level but the underlying code could include malicious firmware which could activate the code. If the attacker manages to get access to the victim’s device, they could run a “successful exploitation of these vulnerabilities could allow the attacker to gain access to sensitive information, execute arbitrary code, spoofing of the interface address, or denial of service conditions on the targeted system,” the advisory read.

Cert-IN also highlighted the vulnerabilities in Safari versions prior to 16.1. it said that the vulnerabilities could allow an attacker to spoof URLs, get access to sensitive information, etc.

As users, it is best to avoid installing apps outside of the App Store. We also advise our readers to avoid clicking on unknown links that claim to offer free items or might look like a copy of some known website. Such links could execute malicious code in the background without the user having any knowledge about it. The code can not only steal your sensitive information but could also execute ransomware, making your device useless unless you agree to pay some fee (monetary or any other kind).