NEW DELHI, Apr 3: Security advisory from the Central government’s Indian Computer Emergency Response Team (CERT-In) has issued a “high-risk” warning for users of Apple’s iPhones, MacBooks, iPads, and Vision Pro headsets. The advisory highlights a critical vulnerability, identified in connection to “remote code execution” in various Apple products.
The vulnerability affects a range of Apple software and hardware, including Apple Safari versions prior to 17.4.1, Apple macOS Ventura versions prior to 13.6.6, Apple macOS Sonoma versions prior to 14.4.1, Apple visionOS versions prior to 1.1.1, Apple iOS and iPadOS versions prior to 17.4.1, and Apple iOS and iPadOS versions prior to 16.7.7.
This vulnerability poses a significant threat as it allows remote attackers to execute arbitrary code on the targeted systems. The exploit leverages an out-of-bounds write issue in WebRTC and CoreMedia, enabling attackers to compromise devices remotely.
According to the advisory, users of iPhone XS, iPad Pro 12.9-inch, iPad Pro 10.5-inch, iPad Pro 11-inch, iPad Air, iPad, and iPad mini are susceptible if their devices are running iOS and iPadOS versions prior to 17.4.1. Additionally, iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation users are at risk if their devices are not updated to iOS and iPadOS versions 16.7.7 or later.
MacBook users are also urged to update their systems, with macOS Ventura versions prior to 13.6.6 and macOS Sonoma versions prior to 14.4.1 being vulnerable. Moreover, users of the Apple Vision Pro headset should take note of the vulnerability in visionOS versions prior to 1.1.1.
The CERT-In has recommended several precautionary measures to avoid the risk advising the users to ensure that Apple iOS, iPadOS, macOS, and visionOS are updated to the latest versions containing security patches.
Network Security: Avoid connecting to unsecured or public Wi-Fi networks to minimize the risk of unauthorized access.
Enable Two-Factor Authentication (2FA): Implement 2FA to add an extra layer of security against potential credential compromises.
Download from Trusted Sources: Only download apps and software from reputable sources like the Apple App Store to mitigate the risk of malware.
Regular Backups: Back up important data regularly to safeguard against data loss due to security breaches or system failures.
(Manas Dasgupta)
