The Indian Computer Emergency Response Team (CERT-In) has raised an urgent alert about critical security flaws in Apple products, according to a report by The Economic Times. The advisory, dated August 2, highlighted significant risks affecting various Apple devices, including iPhones, iPads, Macs, and other products.
What are the affected Apple software versions?
The vulnerabilities impact several versions of Apple software:
- iOS and iPadOS: Versions before 17.6 and 16.7.9
- macOS: Versions before 14.6 (Sonoma), 13.6.8 (Ventura), and 12.7.6 (Monterey)
- watchOS: Versions before 10.6
- tvOS: Versions before 17.6
More From This Section
- visionOS: Versions before 1.3
- Safari: Versions before 17.6
What are the potential risks?
CERT-In has warned that these vulnerabilities could allow attackers to access sensitive data, execute arbitrary code, bypass security measures, cause denial of service (DoS), and perform spoofing attacks. The advisory categorised the severity of these flaws as ‘high’.
The nodal agency advised all Apple users to promptly install the latest software updates from Apple to address these security vulnerabilities and mitigate potential risks. The advisory stressed the critical nature of these flaws and the need for immediate action to safeguard against possible attacks.
Apple’s alert on potential spyware threats
Earlier last month, Apple also issued alerts about possible ‘mercenary spyware attacks’, similar to the Pegasus spyware. These warnings, sent to users in over 150 countries, including India, aimed to caution about advanced spyware threats targeting iPhones.
Notable individuals, including Iltija Mufti, media adviser and daughter of former Jammu and Kashmir Chief Minister Mehbooba Mufti, and Pushparaj Deshpande, founder of Samruddha Bharat Foundation, reported receiving these alerts last month.
According to an April blog post by Apple, mercenary spyware attackers employ ‘exceptional resources’ to target a very limited number of specific individuals. Apple noted that these attacks, which are costly and have a short lifespan, are difficult to detect.
Apple emphasised that since these cyberattacks aim at specific individuals and their devices, most people are unlikely to be affected by such threats.
How can you protect your Apple devices?
Apple has already provided fixes and patches for these security issues. CERT-In has recommended users to check and install these updates on their iPhones, Macs, iPads, and Safari browser immediately. To do this, go to Settings on the device, select Software Update, and install the latest iOS, iPadOS, or macOS versions.