Skip to content

Indian government reports Security Vulnerabilities in Apple devices

The Indian government has released a report highlighting security vulnerabilities in Apple devices, including iPhones, iPads, Apple Watches, iMacs, MacBooks, and the Safari Browser. The vulnerabilities are due to software flaws and can be exploited by hackers to execute malicious code and gain privileged access control. CERT-IN, the Computer Emergency Response Team of India, has issued an urgent alert regarding these vulnerabilities.

Specifically, CERT-IN has warned about a security validation certificate flaw in the Security Code Component, which allows hackers to bypass security protections through crafted requests. A flaw in Apple’s Kernel has also been discovered, enabling the execution of instruction code between the device’s software and hardware. Furthermore, errors in Apple’s WebKit have left Safari browsers exposed to multiple vulnerabilities.

The vulnerable software versions identified by CERT-IN include Apple macOS Monterey and Ventura versions released before 12.7 and 13.6 respectively, Apple WatchOS versions released before 9.6.3 and 10.0.1, and Apple iOS and iPadOS versions before 16.7, 17.0.1, and 16.6.1 for Safari.

Apple has stated that it has already addressed all the vulnerabilities identified by CERT-IN. However, it is crucial for users to update their devices with the latest software fixes to ensure their security.

In response to these vulnerabilities, Apple has issued emergency security patches for iOS/iPadOS 17 and WatchOS 10. These patches aim to address zero-day vulnerabilities that could potentially expose devices to spyware. Apple has credited Maddie Store of Google’s Threat Analysis Group and Bill Marczak of Citizen Lab for discovering these vulnerabilities. The spyware, known as ‘Predator’ and developed by Intellexa of Egypt, remains undisclosed in terms of its details and the extent of damage it may have caused.

Key Points:
1. The Indian government has identified security vulnerabilities in various Apple products.
2. Hackers can exploit these vulnerabilities to execute malicious code and gain privileged access control.
3. CERT-IN has warned about flaws in the Security Code Component, Apple’s Kernel, and the Safari browser.
4. Vulnerable software versions include macOS, WatchOS, iOS, iPadOS, and Safari.
5. Apple has released security patches and urges users to update their devices for enhanced security.

Leave a Reply

Your email address will not be published. Required fields are marked *