Apple users alert! Govt warns of 'high risk' flaw that might allow hackers to steal sensitive information


CERT-In reveals that these vulnerabilities exist due to flaws in AppleMobileFileIntegrity, Identity Services, Podcasts, TCC, Find My, Shortcuts, WebKit and more.

Priya Singh
  • Updated Apr 4, 2023 4:48 PM IST

The Indian Computer Emergency Response Team (CERT-In), a national nodal agency under the Ministry of Electronics and Information Technology (MeitY) that oversees problems related to cybersecurity, has issued an advisory for all Apple users.

The agency has reported multiple vulnerabilities across several Apple products that could allow attackers to bypass privacy preferences, execute arbitrary code with kernel privileges, gain access to sensitive information and spoof the user interface on the targeted system. CERT-In has marked the severity of the vulnerabilities as “high”.


According to CERT-In, these vulnerabilities have been found in Apple’s Safari web browser. It further details that the vulnerabilities in Apple Safari versions prior to 16.4 for macOS Big Sur and macOS Monterey can be exploited by an attacker to gain access to sensitive user information available on the targeted system.

Improper state management and disclosure of origin information in WebKit are the two reasons why these vulnerabilities exist in the first place.

As per the blog post, these vulnerabilities exist due to a “flaw in AppleMobileFileIntegrity, Identity Services, Podcasts, TCC, Find My, Shortcuts and WebKit; out-of-bounds read in Core Bluetooth and ImageIO; improper memory handling in CoreCapture, FontParser and ImageIO; arbitrary code execution in Foundation; arbitrary code with kernel privileges in Kernel; bypass Same Origin Policy in WebKit; origin information in WebKit; improper input sanitization in Calendar; improper input validation in ImageIO.”


As for Mac users, some vulnerabilities have been identified that might allow attackers to manipulate various applications and extract sensitive data due to memory issues, improper checks and more.

Who all are affected? 

According to CERT-In, these vulnerabilities are considered high-severity and affect systems running macOS Ventura versions before 13.3, macOS Big Sur versions before 11.7.5 and macOS Monterey versions before 12.6.4. In addition to these, several issues have also been identified on Apple Watches and Apple TVs.

CERT-In reveals that these vulnerabilities exist in Apple tvOS v16.4 and watchOS v9.4 versions because of flaws in several components including Identity Services, Podcasts and WebKit.


What to do next? 

To make the systems safer, CERT-In advises Apple users to update their devices to the latest software versions.  


Published on: Apr 4, 2023 4:48 PM IST