Apple iPhone and iPad users, government has ‘high-risk’ warning for you

The Indian Computer Emergency Response Team (CERT-In) under the IT Ministry has issued a high-severity alert for iPhone and iPad users. The warning applies to users who are running certain versions of the iOS and iPadOS operating systems on their devices, as several critical vulnerabilities have been discovered in these operating systems. The vulnerabilities, identified as CVE-2023-28204, CVE-2023-32373 and CVE-2023-32409, have been classified as high severity by CERT-In.
What the government body said
According to the government body, these newly discovered security vulnerabilities, when successfully exploited, could potentially allow attackers to execute arbitrary code, bypass security measures, gain elevated privileges, access sensitive information, or cause a denial of service on affected devices.
Operating systems affected by these vulnerabilities
According to the report, users running Apple iOS versions before 16.5 and iPadOS versions before 16.5 are affected. Apart from this, users running Apple iOS versions before 15.7.6 and iPadOS versions before 15.7.6 are also affected by these vulnerabilities.
Why these vulnerabilities exist
The report mentions that these vulnerabilities exist in Apple iOS and iPadOS because the Kernel component is affected by type confusion, use-after-free errors, permission issues and a race condition. The WebKit component suffers from out-of-bounds reads, use-after-free errors, and buffer overflows. Other affected components include LaunchServices, IOSurfaceAccelerator, Sandbox, Model I/O, ImageIO, Accessibility, Metal, TV App, Telephony, Shell, IOSurface, CoreServices, System Settings, Photos, Security, Associated Domains, StorageKit, PDFKit, Wi-Fi, Shortcuts, GeoServices, Core Location, NetworkExtension, AppleMobileFileIntegrity, Weather, Cellular, Apple Neural Engine, CoreCapture and SQLite.
How these vulnerabilities can be exploited
According to the report, a remote attacker could exploit these vulnerabilities by tricking a victim into visiting specially crafted web content. Once the victim opens the malicious web content, the attacker can use the identified security flaws to execute arbitrary code, evade security measures, gain elevated privileges, extract sensitive information, or disrupt the normal functioning of the targeted device. These vulnerabilities pose a significant risk to the privacy and security of affected users’ data.
What users can do
CERT-In advised users to immediately apply the appropriate patches for both iOS and iPadOS to protect themselves from these vulnerabilities. Apple has released versions of iOS and iPadOS that include fixes for these vulnerabilities. All users need to do is update their devices to iOS version 16.5 or later and iPadOS version 16.5 or later.
For older devices that cannot upgrade to these versions, iOS version 15.7.6 or later and iPadOS version 15.7.6 or later must be installed.
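For anyone managing more than one device, the version guidance above can be checked against an inventory export. The following is an added example, not code from CERT-In or Apple; the CSV column names and device names are assumptions, and the sample rows are constructed. It treats the 15.x and 16.x branches separately, so a device on 15.7.6 is not flagged just because its version number is lower than 16.5.

```python
import csv
import io

# Fixed releases named in the advisory coverage above, keyed by major version.
FIXED = {15: (15, 7, 6), 16: (16, 5, 0)}

def parse_version(text):
    """Turn '16.4.1' into (16, 4, 1); return None if it is not dotted numeric."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def status(version_text):
    """Classify one iOS/iPadOS version as 'patched', 'vulnerable' or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"          # needs manual review, never assume patched
    major = v[0]
    if major > max(FIXED):
        return "patched"          # a later major release is "16.5 or later"
    if major < min(FIXED):
        return "vulnerable"       # before 15.7.6, with no fixed release listed
    return "patched" if v >= FIXED[major] else "vulnerable"

def audit(inventory_csv):
    """Return {device: status} for a CSV with 'device' and 'version' columns."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["device"]: status(r["version"]) for r in rows}

# Constructed sample inventory (hypothetical device names, not real data).
SAMPLE = """device,os,version
iphone-14-a,iOS,16.5
iphone-13-b,iOS,16.4.1
iphone-7-c,iOS,15.7.6
ipad-air2-d,iPadOS,15.7.5
iphone-6-e,iOS,12.5.7
ipad-pro-f,iPadOS,16.5.1
ipad-mini-g,iPadOS,beta
"""

if __name__ == "__main__":
    for device, result in audit(SAMPLE).items():
        print(f"{device:12} {result}")
```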