19 March 2024 – The Indian Computer Emergency Response Team (CERT-In) has raised a red flag for users of Apple iPhone and iPad devices, issuing a high severity warning regarding multiple vulnerabilities found in Apple iOS and iPadOS. Released on March 15, the warning, listed on the official CERT-In website, alerts users to potential risks associated with these vulnerabilities.
According to CERT-In, these vulnerabilities could potentially allow attackers to execute arbitrary code, trigger denial of service, access sensitive information, and bypass security restrictions on affected devices. The security flaw impacts iOS and iPadOS versions earlier than 16.7.6 and 17.4 for various Apple devices, including iPhones and iPads of different generations.
The vulnerabilities stem from improper validation in various components of iOS and iPadOS, including Bluetooth, libxpc, MediaRemote, Safari, WebKit, ExtensionKit, Messages, Share Sheet, and more. CERT-In highlighted potential risks such as system failures, unauthorized code execution, data breaches, and security bypasses.
To mitigate these risks, users are advised to take several preventive measures. These include updating software to the latest versions, installing security patches provided by Apple, using secure connections, enabling Two-Factor Authentication (2FA), exercising caution with downloads, maintaining regular data backups, and staying informed about security alerts.
By following these recommendations, users can bolster the security of their Apple devices and minimize the likelihood of exploitation from these vulnerabilities. Remaining vigilant and proactive in implementing security measures is crucial to safeguarding personal information and device integrity in the face of evolving cybersecurity threats.