Government issues high severity security warnings on Apple products

The Indian Computer Emergency Response Team (CERT-In), which is a national nodal agency overseeing cybersecurity-related issues, has issued warnings to Apple users in India about medium to high-severity vulnerabilities found on Mac PCs, Watches, and Apple TVs. If exploited, these vulnerabilities could give attackers access to sensitive information. The agency advises users to update their software versions immediately, and the government advisories issued between March 31 to April 3 are available on CERT-In's official website.

Apple watch

The vulnerabilities on Macs are primarily in Apple's proprietary Safari web browser. As per CERT-In, the vulnerability in Apple's Safari web browser on Macs is due to "improper state management" in the WebKit component. This flaw could be exploited by an attacker to gain access to sensitive information by persuading a victim to visit a specially crafted web page. Users are strongly advised to update their Safari web browser to version 16.4 immediately to avoid potential exploitation of this vulnerability. If the user provides information, sensitive information could be extracted.

Apple

To upgrade the web browser, users need to open the Apple App Store desktop app, click Updates in the App Store toolbar, and use the Update buttons to download and install any updates listed. To ensure their security, Mac users are strongly advised to upgrade to the latest version of macOS. The multiple vulnerabilities found by CERT-In on macOS Ventura versions before 13.3, macOS Big Sur versions before 11.7.5, and macOS Monterey versions before 12.6.4 could be exploited by attackers to extract sensitive data, making it essential for users to update their software as soon as possible. CERT-In notes that there are multiple vulnerabilities due to various issues, such as memory issues, improper checks, and input validation, privacy issues, and race condition errors, among others.CERT-In has rated the vulnerabilities found in macOS as high-severity flaws that can impact systems running on macOS Ventura versions before 13.3, macOS Big Sur versions before 11.7.5, and macOS Monterey versions before 12.6.4. These vulnerabilities are caused by memory issues, improper checks, improper input validation, curl issues, improper bound checks, privacy issues, logic issues, race condition errors, using older versions of Vim, and improper state management issues. It is recommended that Mac users upgrade to the latest version of macOS to ensure that their systems are protected against potential security threats. It's crucial for Mac users to update their systems to the latest version of macOS to ensure that they are protected against potential security threats. Attackers could exploit these vulnerabilities to directly manipulate various applications and extract sensitive data.

Apple

Additionally, CERT-In has found multiple vulnerabilities on Apple Watches and Apple TVs. These vulnerabilities exist in Apple tvOS and watchOS products due to flaws in "AppleMobileFileIntegrity, Identity Services, Podcasts, TCC, Find My, Shortcuts, and WebKit."The vulnerabilities found by CERT-In on Apple tvOS and watchOS products, if exploited successfully, could allow attackers to bypass privacy preferences, execute arbitrary code with kernel privileges, gain access to sensitive information, and spoof user interface on the targeted system. These vulnerabilities exist due to flaws in "AppleMobileFileIntegrity, Identity Services, Podcasts, TCC, Find My, Shortcuts, and WebKit." Users are strongly advised to update to the latest versions of Apple tvOS and watchOS to ensure their security and protect against potential attacks.

Apple

To ensure their security, users are advised to upgrade to newer Apple tvOS and watchOS versions. The vulnerabilities found by CERT-In on Apple tvOS and watchOS products affect systems running TvOS versions prior to 16.4 and Apple WatchOS versions prior to 9.4. Users running these versions are advised to update their software to the latest version to avoid potential exploitation of these vulnerabilities by attackers.

It's important to note that Apple is addressing these flaws in the latest macOS, tvOS, and watchOS versions, indicating that the company is aware of the problems. While there is no warning for iPhone and iPad users, it's best to update the operating system versions to iOS 16.4 and iPadOS 16.4 to ensure that they are protected against any potential vulnerabilities.

© Copyright 2023. All Rights Reserved Powered by Vygr Media.