New Delhi: The Indian Computer Emergency Response Team (CERT-In) has issued a “high-risk” warning for users of Apple iPhones, MacBooks, iPads, and Vision Pro headsets because of a serious vulnerability found in various Apple products.
The advisory highlights a big danger related to “remote code execution” in various Apple software and hardware versions. It affects different Apple products, including Apple Safari versions preceding 17.4.1, Apple macOS Ventura versions before 13.6.6, Apple macOS Sonoma versions before 14.4.1, and more.
This flaw lets remote attackers run any code on targeted systems by taking advantage of a problem in WebRTC and CoreMedia, potentially compromising devices from afar.
CERT-In says users of certain Apple devices like iPhone XS, iPad Pro models, iPhone 8 series, and some iPads are vulnerable if they have older iOS and iPadOS versions. MacBook users with older macOS Ventura and Sonoma versions, as well as users of the Apple Vision Pro headset, are also at risk.
CERT-In has recommended the following precautionary measures to eradicate the risk of compromise:
- Make sure your Apple devices have the latest updates to fix security issues.
- Stay away from unsecured Wi-Fi networks to prevent unauthorised access.
- Use Two-Factor Authentication (2FA) for added security.
- Only download apps from trusted sources like the Apple App Store to avoid malware.
- Back up your important data regularly to prevent loss from security breaches or system failures.
Android users were also recently warned by CERT-In as they informed multiple vulnerabilities affecting Android versions 12 to 14, posing risks of escalated privileges, information disclosure, and denial-of-service attacks. These vulnerabilities, rated “high” in severity, mirror concerns seen with Apple’s products.
The flaws affect various components including the Android Framework, MediaTek drivers, Qualcomm code, and Google’s Widevine DRM. Fortunately, patches for these vulnerabilities are included in the April security update.
While Android OEMs tend to be slower in distributing Google’s security patches to their devices, given the severity of these vulnerabilities, users can expect the April update to be deployed more promptly than usual for their Android phones and tablets.
The team also warned users of Mozilla products about several serious vulnerabilities. These vulnerabilities, labeled as CERT-In Vulnerability Note CIVN-2023-0348, can expose devices to hacker attacks, posing a significant risk to their safety and performance.
Discussion about this post