Centre warns of ‘high risk’ security flaws in iPhones
New Delhi: The Union government on Sunday issued a warning of ‘high-risk’ security flaws in iPhones and several other Apple products, including iOS, iPadOS, macOS, watchOS, and visionOS.
The advisory, issued by the Indian Computer Emergency Response Team (CERT-In), came just days after the launch of
the highly anticipated iPhone 16 series.
According to CERT-In’s advisory, the affected products include iOS (versions prior to 18 and 17.7), iPadOS (versions prior to 18 and 17.7), macOS Sonoma (versions prior to 14.7), macOS Ventura (versions prior to 13.7), macOS Sequoia (versions prior to 15), tvOS (versions prior to 18), watchOS (versions prior to 11), Safari (versions prior to 18), Xcode (versions prior to 16), and visionOS (versions prior to 2).
The vulnerabilities, deemed "high-risk," could be exploited by attackers to gain unauthorised access to sensitive information, execute arbitrary code, bypass critical security restrictions, cause denial-of-service (DoS) conditions, elevate privileges, and perform spoofing or cross-site scripting (XSS) attacks.
What could be the impact?
iOS and iPadOS: Users operating on versions earlier than 18 or 17.7 could face DoS attacks, information disclosure, and security restriction bypassing.
macOS (Sonoma, Ventura, Sequoia): Older macOS versions may be vulnerable to data manipulation, DoS, privilege elevation, and XSS attacks.
tvOS and watchOS: These products are susceptible to DoS attacks, XSS vulnerabilities, and information disclosure.
Safari and Xcode: Older versions of these software tools could be prone to spoofing and bypassing security restrictions.
visionOS: Users could be exposed to data manipulation, DoS, and information disclosure risks.
The advisory recommends that users must update their Apple devices to the latest software versions to mitigate these risks. Additionally, users should monitor their devices for any unusual activity and ensure that proper cybersecurity measures are in place.