New Delhi: CERT-In has issued medium to high-severity warnings for Apple Watch, TV, and Macbook users, in India. The national nodal agency that oversees cybersecurity-related issues in multiple releases states that users must upgrade their devices to the latest watchOS, tvOS, and macOS versions immediately to safeguard their personal data. The government advisories issued between March 31 to April 3 are available on CERT-In’s official website.
The multiple vulnerabilities could allow an attacker to bypass Privacy preferences, execute arbitrary code with kernel privileges, gain access to sensitive information, and spoof the user interface on the targeted system. The vulnerability will affect watchOS versions prior to 9.4.
These vulnerabilities exist in Apple tvOS and watchOS products due to flaw in AppleMobileFileIntegrity, Identity Services, Podcasts, TCC, Find My, Shortcuts and WebKit; out-of-bounds read in Core Bluetooth and ImagelO; improper memory handling in CoreCapture, Fontarser and ImagelO; arbitrary code execution in Foundation; arbitrary code with kernel privileges in Kernel; bypass Same Origin Policy in WebKit; origin information in WebKit; improper input sanitization in Calendar; improper input validation in Imagelo.
Discussion about this post