Update Your Apple Devices Now: CERT-In Warns of Critical Security Risks

The Indian Computer Emergency Response Team (CERT-In) has issued an urgent advisory for Apple users, highlighting some critical security vulnerabilities that might expose their devices to serious cyberattacks. This included iPhones, MacBooks, iPads, and even Safari browsers. Users of these devices were urged to download immediate software updates to mitigate risks.

Vulnerabilities Identified

CERT-In’s advisory (CIAD-2024-0058) details two major flaws affecting Apple products:

Arbitrary Code Execution (CVE-2024-44308)

Arbitrary Code Execution (CVE-2024-44308)

This particular vulnerability can be found in JavaScriptCore, an engine that powers Safari and other applications, and it can be exploited through malicious web content. Hackers can execute arbitrary code, possibly gaining unauthorized control over a device and running malicious applications.

Cross-Site Scripting (XSS) (CVE-2024-44309)

Located in WebKit, the engine behind Safari, this flaw enables attackers to craft malicious web content to launch XSS attacks. This could allow them to manipulate web pages, steal sensitive data, or impersonate users online.

Affected Devices and Versions

The vulnerabilities impact a wide range of Apple products, including:

iPhones and iPads: iOS and iPadOS versions earlier than 18.1.1 and 17.7.2.

MacBooks and Desktops: macOS Sequoia versions before 15.1.1.

Vision Pro: visionOS versions earlier than 2.1.1.

Safari Browser: Versions before 18.1.1.

Risks for Users

CERT-In warns that these vulnerabilities could have severe consequences, such as:

Unauthorized Data Access: Hackers could steal sensitive data like passwords, financial details, or confidential files.

Data Manipulation: Attackers may alter or delete stored data, leading to identity theft or compromised records.

System Disruption: Exploits could crash systems or disrupt operations, causing downtime.

Device Control: Cybercriminals might gain complete control of devices, installing malware, monitoring activity, or misusing systems for malicious purposes.

Immediate Action Required

CERT-In warns that these vulnerabilities may have already been actively exploited, particularly on Intel-based Mac systems. Apple users are strongly advised to update their devices promptly:

Go to Settings > General > Software Update on iPhones and iPads.

On MacBooks, open System Preferences > Software Update.

Timely updates are critical to safeguarding your data and preventing unauthorized access. Stay proactive to ensure your devices remain secure.