The national nodal agency that oversees cybersecurity-related issues, CERT-In (Indian Computer Emergency Response Team), recently issued medium- to high-severity warnings to Apple users in India.
High-Severity Warnings for Apple Users
The agency has found vulnerabilities in Macs, Apple Watches, and Apple TVs that might give an attacker “access to sensitive information” if exploited.
To avoid this, the agency, which operates within the Ministry of Electronics and Information Technology (MeitY), advises users to update their software versions immediately.
The government advisories, which were issued between March 31 and April 3, are available on CERT-In’s official website.
In the case of Macs, the vulnerabilities lie in Apple’s proprietary Safari web browser.
According to CERT-In, the flaw exists due to “improper state management” in the WebKit component.
How Does This Affect Users?
The warning stated that “A remote attacker could exploit these vulnerabilities by persuading a victim to a specially crafted web page.”
Notably, if the user ends up providing information, then sensitive information could be extracted.
To avoid this threat, users need to upgrade Safari to version 16.4.
To do so, open the Apple App Store desktop app, click Updates in the App Store toolbar, and use the Update buttons to download and install any updates listed.
Mac users are also advised to upgrade their macOS version to ensure their security.
Further, CERT-In noted that there are “multiple vulnerabilities” due to “memory issues, improper checks, improper input validation, curl issues, improper bound checks, privacy issues, logic issues, race condition errors, using older version of Vim, and improper state management issues.”
The agency added, “It means an attacker could exploit and can directly manipulate various applications to extract sensitive data.”
The agency says these are high-severity flaws affecting systems running macOS Ventura versions before 13.3, macOS Big Sur versions before 11.7.5, and macOS Monterey versions before 12.6.4.
Multiple Issues In Apple Watches and Apple TVs
Notably, multiple issues have also been found in Apple Watches and Apple TVs.
CERT-In further stated that these vulnerabilities exist in Apple tvOS and watchOS products due to flaws in “AppleMobileFileIntegrity, Identity Services, Podcasts, TCC, Find My, Shortcuts and WebKit.”
It appears that successful exploitation of these vulnerabilities could allow an attacker to bypass privacy preferences, execute arbitrary code with kernel privileges to gain access to sensitive information, and spoof the user interface on the targeted system.
Users can avoid this simply by upgrading to newer Apple tvOS and watchOS versions.
These issues seem to affect systems running tvOS versions prior to 16.4 and watchOS versions prior to 9.4.
Notably, the fact that Apple is addressing these flaws in the latest macOS, tvOS, and watchOS versions means the company is aware of the problems.
So far, there is no warning for iPhone and iPad users.
Still, it is best to update the operating system versions to iOS 16.4 and iPadOS 16.4.