"High-Risk" Warning For Apple iPhone, iPad and MacBook Users

The Centre's Indian Computer Emergency Response Team (CERT-In) has issued a "high-risk" security advisory for users of Apple's iPhones, MacBooks, iPads, and Vision Pro headsets.

Apr 3, 2024 - 15:09

CERT-In has found a "remote code execution vulnerability" in Apple products that can leave a device open to exploitation by attackers, who could remotely gain access to the device and execute "arbitrary code on the targeted system".

As per the CERT-In warning, the vulnerability affects iPhone and iPad users whose devices are on iOS and iPadOS versions prior to 17.4.1. This version is available for all iPhones after iPhone XS, iPad Pro 12.9-inch 2nd generation and later, all versions after iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air gen 3 and later, iPad gen 6 and later, and iPad mini versions after gen 5.

The vulnerability also affects iOS and iPadOS versions before the 16.7.7 update, which is available on iPhone 8, iPhone 8 Plus, iPhone X, iPad gen 5, iPad Pro 9.7-inch, and iPad Pro 12.9-inch gen 1.

In addition, the remote code execution vulnerability affects Apple Safari versions prior to 17.4.1, which is available for macOS Monterey and macOS Ventura. The issue also affects MacBook users on macOS Ventura versions prior to 13.6.6 and macOS Sonoma versions prior to 14.4.1. Apart from the iPhone, iPad and MacBook, there is also a warning for Vision Pro headset users, due to a vulnerability in visionOS versions before 1.1.1.

The vulnerability note on the CERT-In website states that the issue is due to an "out-of-bounds write issue in WebRTC and CoreMedia". In practice, an attacker could trick someone into visiting a specific link, which could then be used to attack the device remotely. "Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the targeted system," the vulnerability note on the CERT-In website reads.

To ensure the security of your devices, follow these essential steps. First, keep your Apple iOS and iPadOS devices updated with the latest software versions to benefit from security fixes. Apply any security patches provided by Apple, especially those addressing vulnerabilities highlighted by CERT-In. When connecting to networks, prioritise secure connections and avoid unsecured or public Wi-Fi networks to minimise the risk of unauthorised access. Enable Two-Factor Authentication (2FA) for an added layer of security, which can mitigate the impact of credential compromises.

Exercise caution when downloading apps or software, sticking to trusted sources like the Apple App Store to avoid potential threats. Regularly back up your important data to protect against data loss due to security breaches or system failures. Stay informed about security alerts and advisories from reputable sources such as CERT-In or Apple to take proactive measures against emerging threats and ensure the ongoing security of your devices.
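For anyone managing more than a handful of devices, the fixed versions quoted above can be checked against an inventory export. The following Python sketch is an added example, not part of the CERT-In note or the original article. The CSV columns, host names and verdict labels are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Fixed releases per platform and major branch, as quoted in the article.
FIXED = {
    "ios":      {16: (16, 7, 7), 17: (17, 4, 1)},
    "ipados":   {16: (16, 7, 7), 17: (17, 4, 1)},
    "macos":    {13: (13, 6, 6), 14: (14, 4, 1)},
    "visionos": {1: (1, 1, 1)},
    "safari":   {17: (17, 4, 1)},
}

def parse(version):
    """'17.4' -> (17, 4, 0); padding makes 17.4 sort below 17.4.1."""
    parts = [int(p) for p in version.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(version)
    return tuple(parts + [0] * (3 - len(parts)))

def status(platform, version):
    """Return (verdict, fixed release to reach, or None)."""
    branches = FIXED.get(platform.strip().lower())
    if branches is None:
        return ("unknown-platform", None)
    try:
        v = parse(version)
    except ValueError:
        return ("unparseable", None)
    major = v[0]
    if major > max(branches):
        return ("patched", None)  # newer branch than any fix listed
    if major not in branches:
        # Assumption: a branch older than the listed ones is flagged for
        # manual review, pointing at the next branch that has a fix.
        nxt = min(b for b in branches if b > major)
        return ("older-branch", ".".join(map(str, branches[nxt])))
    fix = branches[major]
    return ("affected" if v < fix else "patched", ".".join(map(str, fix)))

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE = """host,platform,version
phone-01,iOS,17.4
phone-02,iOS,16.7.7
pad-03,iPadOS,15.8
mac-04,macOS,14.4
vp-05,visionOS,1.1
tv-06,tvOS,17.4
"""

def audit(text):
    return {r["host"]: status(r["platform"], r["version"])
            for r in csv.DictReader(io.StringIO(text))}
```

Comparing each device against the fix on its own major branch is what keeps an iPhone 8 on 16.7.7 from being reported as unpatched merely because 16.7.7 sorts below 17.4.1.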

 
