In a recent development, the Indian government has issued a high-severity warning to Apple users, cautioning them about a newfound security vulnerability that could potentially compromise their devices. The vulnerability, identified in the WebKit browser engine, which is utilized by Apple’s Safari and various other web browsers, raises concerns for users of Apple products like iPhones and Apple Watches.
This vulnerability poses a significant risk, as it could be exploited by malicious actors to gain control over a user’s device. Attackers may employ tactics such as luring users to visit malicious websites or enticing them to open malevolent attachments. If successful, these attackers could potentially access a user’s personal data, files, and even deploy malware onto the victim’s device.
The vulnerabilities in question stem from issues related to certificate validation within multiple components, including the Security component, the Kernel, and the WebKit component. Attackers can potentially exploit these weaknesses by employing carefully crafted requests, ultimately bypassing security safeguards on the targeted system or executing arbitrary code.
The national nodal authority responsible for managing cybersecurity-related concerns across various platforms, CERT-In (Indian Computer Emergency Response Team), advises users to take immediate action to safeguard their personal data. This can be achieved by promptly updating their devices to the latest versions of watchOS, tvOS, and macOS. Failure to address these software vulnerabilities could leave Apple devices vulnerable to potential breaches.
Apple has responded to the security concerns by providing the necessary updates to rectify the identified issues. Users can access these updates on the official CERT-In website, cert-in.org.in.
About CERT-In
CERT-In, or the Indian Computer Emergency Response Team, operates under the Ministry of Electronics and Information Technology of the Government of India. It serves as the central authority responsible for addressing cybersecurity threats, including activities such as scams and hacking. CERT-In plays a pivotal role in enhancing the security defenses of the Indian Internet domain.
List of Affected Software Versions
The following Apple software versions have been identified as vulnerable:
- Apple macOS Monterey versions prior to 12.7
- Apple macOS Ventura versions prior to 13.6
- Apple watchOS versions prior to 9.6.3
- Apple watchOS versions prior to 10.0.1
- Apple iOS versions prior to 16.7 and iPadOS versions prior to 16.7
- Apple iOS versions prior to 17.0.1 and iPadOS versions prior to 17.0.1
- Apple Safari versions prior to 16.6.1
