A few vulnerabilities have been spotted in the Apple iOS, watchOS and macOS, and the Indian government has issued a warning for iPhone users.
Apple iPhones, Watches, Macs are considered to be the most premium products in their segments. Apple products are known across the globe for their durability, safety features and timely updates. Apple iPhones, Watches and other products are often used by buyers for day to day communication and taks. With increasing cyber frauds each day, the Cupertino based tech giant rolls out security updates for its devices from time to time. Apple always recommends iPhone, Watch and Mac users to run the latest version of iOS, watchOS and macOS to have a feature rich and secure experience. However, a few Apple users don’t upgrade their software versions due to lack of data or ease of use. But not installing the latest version of the available update exposes your Apple devices to be exploited by hackers. A few such vulnerabilities have been spotted in the Apple iOS, watchOS and macOS, and the Indian government has issued a warning for iPhone users.
The Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology has revealed that multiple vulnerabilities have been reported in Apple products which could allow an attacker to gain elevated privileges, execute arbitrary code with kernel privileges, gain access to sensitive information, bypass security restrictions and may lead to a denial-of-service on the targeted system. The vulnerabilities will affect Apple iOS versions prior to 12.5.7, 15.7.3, 16.3, watchOS versions prior to 9.3, macOS Big Sur versions prior to 11.7.3, macOS Monterey versions prior to 12.6.3, macOS Ventura versions prior to 13.2, Safari versions prior to 16.3, and tvOS versions prior to 16.3.
According to CERT-In, these vulnerabilities exist in in Apple products due to type confusion flaw in Webkit and DriverKit component; leak of sensitive kernel state in Kernel and Wi-Fi component; access of sensitive data in AppleMobileFileIntegrity component; a logic issue in Mail Exchange, Maps, Weather, Windows Installer, PackageKit, DiskArbitration and Mail Drafts component; Multiple issues in curl and Vim; buffer overflow in dcerpc component; privacy issue in Screen Time and Shortcuts component; flaw in the Intel Graphics Driver component; memory corruption in ImagelO component; race condition in the Crash Reporter component; denial of service condition in Security component. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a maliciously crafted web content.
Successful exploitation of these vulnerabilities could allow an attacker to gain elevated privileges, execute arbitrary code with kernel privileges, gain access to sensitive information, bypass security restrictions and may lead to a denial-of-service on the targeted system.
To avoid any swindling, you should apply appropriate software updates as mentioned in the Apple Security updates.