CERT-In warns Indian iPhone users to update their phones
The Indian Computer Emergency Response Team (CERT-In) of the Ministry of Electronics and Information Technology has issued a security warning for iPhone users in India, and if not mitigated, hackers may gain complete control Of the device. On its official website, CERT-In notes that older models, including the iPhone 6s, iPhone 7 series, iPhone 8 series, and the first generation iPhone SE, are also vulnerable. iPad users, including iPad Air, Pro, and Mini, are encouraged to update to the latest version of iPadOS. How to update iPhone and iPad: To update your iPhone, open Settings > General > Software Update. The same method also applies to iPad users.
CERT-In states that the vulnerabilities exist in Apple iOS and iPadOS due to "incorrect input validation" in Kernel and "improper state management in issues in WebKit. The Kernel is the core of any operating system, while WebKit is the core technology behind the Apple Safari browser. The security agency points out that if the vulnerabilities are exploited, the attacker can "execute arbitrary code on the target system," which means the hacker can even gain control of the device. CERT-In rates the severity with a "high" warning.
The government warning comes days after Apple began rolling out new iOS updates to the iPhone. Apple has released updates to iOS 15.7.7 and iPadOS 15.7.7 for iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation) and iPod touch (7th generation). There are also updates to iOS 16.5.1 and iPadOS 16.5.1 for iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini from 5th generation and later. Apple's support page stated that researchers at the security firm Kaspersky discovered the vulnerabilities.
Talking about the iOS kernel issue, the support page notes: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7." The page highlights the WebKit issue: "An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7."