- CERT-In has notified MeitY about multiple security flaws in the software of Apple devices.
- An attacker can exploit these flaws to gain privileged and unauthorized access to an affected device.
- Apple has officially acknowledged the situation and has released security patches for all of its devices.
The Indian Computer Emergency Response Team (CERT-In) has issued security warnings on multiple Apple devices. The notification warns users about several vulnerabilities in Apple devices, including the iPhone, iPad, Apple Watch, MacBooks, and even Apple’s Safari browser.
CERT-In is an official government body under the Ministry of Electronics and Information Technology (MeitY). Previously, CERT-In had also warned about security flaws in Google’s Android Operating System.
Apple Devices Are Vulnerable to Multiple Security Threats
CERT-In has issued a ‘High-Severity’ vulnerability notice for Apple devices on its official website. The CIVN-2023-0275 notification mentions that several Apple products are exposed to security threats due to flaws in the software.
As per CERT-In, these software flaws can be exploited by hackers to execute malicious code and programs on any affected device. The attacker can also gain privileged access to the victim’s system and bypass all security protection systems on the exposed device.
Multiple Apple devices are vulnerable to this security flaw. These include the iPhone, iPad, Apple Watch, iMac, MacBook, Mac mini, and even Hackintosh systems. The flaw is associated with Apple’s security implementation in iOS, iPadOS, watchOS, and macOS.
CERT-In has released a list of all the software versions that are vulnerable to the newly discovered security flaws.
- Apple macOS Monterey versions prior to 12.7
- Apple macOS Ventura versions prior to 13.6
- Apple watchOS versions prior to 9.6.3
- Apple watchOS versions prior to 10.0.1
- Apple iOS versions prior to 16.7 and iPadOS versions prior to 16.7
- Apple iOS versions prior to 17.0.1 and iPadOS versions prior to 17.0.1
- Apple Safari versions prior to 16.6.1
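The version list above can be applied directly to a device inventory. The following Python is an added example, not code from CERT-In or Apple: the function names and the inventory rows are constructed for illustration, and it assumes that branches older than the lowest listed one count as affected while branches newer than the highest listed one fall outside this notice.

```python
# product -> {major branch: first fixed version}, taken from the list above
FIXED = {
    "macos":   {12: (12, 7), 13: (13, 6)},
    "watchos": {9: (9, 6, 3), 10: (10, 0, 1)},
    "ios":     {16: (16, 7), 17: (17, 0, 1)},
    "ipados":  {16: (16, 7), 17: (17, 0, 1)},
    "safari":  {16: (16, 6, 1)},
}

def parse(version):
    """Turn '16.6.1' into (16, 6, 1); raises ValueError on malformed input."""
    return tuple(int(part) for part in version.strip().split("."))

def pad(v, n=3):
    """Right-pad with zeros so (13, 6) compares equal to (13, 6, 0)."""
    return v + (0,) * (n - len(v))

def is_affected(product, version):
    """True if `version` is prior to the fixed release for its branch.

    Assumption: a branch older than the lowest listed one is affected
    ("versions prior to"); a branch newer than the highest listed one is
    outside this notice and returns False.
    """
    branches = FIXED[product.lower()]
    v = parse(version)
    major = v[0]
    if major in branches:
        return pad(v) < pad(branches[major])
    return major < min(branches)

def audit(inventory):
    """Return the (host, product, version) rows that need updating."""
    return [row for row in inventory if is_affected(row[1], row[2])]

# Constructed inventory, for illustration only
INVENTORY = [
    ("mac-01", "macOS", "12.6.9"),
    ("mac-02", "macOS", "13.6"),
    ("phone-01", "iOS", "17.0"),
    ("phone-02", "iOS", "16.7"),
    ("watch-01", "watchOS", "9.6.3"),
    ("watch-02", "watchOS", "10.0"),
    ("mac-03", "Safari", "16.6"),
]

if __name__ == "__main__":
    for host, product, version in audit(INVENTORY):
        print(f"{host}: {product} {version} is below the fixed version")
```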
Details Of Security Flaws in Apple Devices
CERT-In has also revealed the reason behind the security flaws in Apple’s software. A certificate validation issue has been spotted in the Security Code Component of Apple’s iOS, iPadOS, macOS, and watchOS. An attacker can exploit this to generate specially crafted requests in the system and gain unauthorized access to an affected system.
A secondary flaw was also discovered in Apple’s Kernel, which is responsible for the proper execution of instructions between the software and the hardware of the device. Hence, hackers could exploit the kernel of any affected device, and gain complete control of an exposed device’s hardware and software components.
Errors were also spotted in Apple’s WebKit, a component on which Apple’s Safari browser is built. This leaves Safari users vulnerable to hackers, exposing them to multiple flaws while browsing the internet.
Apple Has Acknowledged The Situation
Apple has already acknowledged all the security flaws in its software systems. The company has urged users to update their iPhone, iPad, MacBook, and Apple Watch to the latest software version available for each device. Apple has also released a patch for its Safari browser, which has fixed the errors in the WebKit component.
Apple has also mentioned the details of these flaws in multiple blog posts. The company says that the latest versions of iOS, macOS, iPadOS, and watchOS are safe from these security vulnerabilities.