New Delhi: The Indian Computer Emergency Response Team (CERT-In), the principal cybersecurity agency, has released a high-severity security alert for Apple users in India. The advisory, dated April 2, 2024, warns of a significant security flaw affecting a wide range of Apple devices, including iPhones and Macs.
Affected Devices:
The vulnerability impacts several Apple operating systems and versions:
- Safari Browser: Versions earlier than 17.4.1
- macOS Ventura: Versions earlier than 13.6.6
- macOS Sonoma: Versions earlier than 14.4.1
- visionOS: Versions earlier than 1.1.1
- iOS & iPadOS: Versions earlier than 17.4.1 and 16.7.7
The issue spans across the latest Apple hardware, such as the iPhone 15 Pro Max and the Vision Pro headset, as well as various iPad models. Owners of older iPhone models, including the iPhone 8, 8 Plus, and iPhone X, are also at risk.
Nature of the Vulnerability:
CERT-In’s report highlights that the vulnerabilities in question could enable an attacker to run arbitrary code on affected devices. The root cause is identified as out-of-bounds write issues within WebRTC and CoreMedia components. Attackers could potentially exploit these vulnerabilities by convincing users to visit maliciously crafted web requests.
Protective Measures:
To safeguard against potential threats, users are urged to update their Apple devices to the latest software versions promptly. For those whose devices are confined to the vulnerable software versions, it is recommended to consider upgrading to newer hardware to mitigate the risk of exploitation.
Stay Updated:
Apple device owners should remain vigilant and follow updates from both Apple and CERT-In to ensure their devices’ security. Regularly checking for software updates and being cautious of suspicious web requests are key practices for maintaining device integrity.
