The Indian Computer Emergency Response Team, or CERT-In has issued a high-severity warning to Apple users regarding a new security vulnerability that could allow attackers to take control of their devices.
The Indian Computer Emergency Response Team (CERT-In or ICERT) is managed by the Government of India’s Ministry of Electronics and Information Technology.
It is the central organisation in charge of dealing with cybersecurity threats such as scamming and hacking.
What is the issue?
It said the vulnerability is in the WebKit browser engine, which is used by Safari and other browsers and comes in Apple products such as the iPhone and watch.
These vulnerabilities exist due to issues with certificate validation in the Security component, the Kernel, and the WebKit component.
How it works
Attackers could exploit it by tricking users into visiting a malicious website or opening a malicious attachment.
If successful, the attackers could gain access to the user’s personal information and files or install malware on the user’s device.
Hackers can exploit these flaws by sending a cleverly constructed request which will then grant them higher access rights by circumventing security safeguards on the targeted system or executing arbitrary code.
What to do
Users who want to secure their personal data should immediately update their devices to the most recent watchOS, tvOS, and macOS versions.
If Apple watches, TVs, iPhones, and MacBooks’ software flaws are not resolved, attackers may be able to get access to the devices.
Apple has provided the required upgrades to fix this issue on CERT-In’s official website cert-in.org.in.
List of affected softwares
- Apple macOS Monterey versions prior to 12.7
- Apple macOS Ventura versions prior to 13.6
- Apple watchOS versions prior to 9.6.3
- Apple watchOS versions prior to 10.0.1
- Apple iOS versions prior to 17.0.1 and iPadOS versions prior to 17.0.1
- Apple Safari versions prior to 16.6.1