CERT-In or the Indian Computer Emergency Response Team, has issued a high severity for Apple iOS and iPad OS devices. The warning was issued on March 15 and is listed on the official CERT-In website. As per the warning, multiple vulnerabilities were found in Apple iOS and iPadOS, which can possibly let someone attack the system to make it stop working, run any code they want, access sensitive information, and get around security measures.
The vulnerability can “allow an attacker to trigger denial of service condition, execute arbitrary code, sensitive information disclose and bypass security restrictions on the targeted system”, read the CERT-In website.
The security flaw impacts iOS and iPadOS versions earlier than 16.7.6 for devices like iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation. It also affects versions before v17.4 for devices like iPhone XS and newer, iPad Pro 12.9-inch 2nd generation and newer, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and newer, iPad Air 3rd generation and newer, iPad 6th generation and newer, and iPad mini 5th generation and newer.
As per CERT-In the issues in Apple's iOS and iPadOS have been caused because of “improper validation” in Bluetooth, libxpc, MediaRemote, Photos, Safari & WebKit parts. There are also privacy problems in ExtensionKit, Messages, Share Sheet, Synapse & Notes parts. Another problem is that ImagelO can get too full, and the kernel & RTKit parts can have memory mistakes. Safari Private Browsing & Sandbox have a logic issue, while Siri has a lock screen problem, and CoreCrypto has a timing problem.
Exploiting these vulnerabilities could lead to causing system failures, executing unauthorised code, accessing private information, and bypassing security measures.
Update software: Ensure that your Apple iOS and iPadOS devices are running the latest versions. Manufacturers often release software updates to fix security issues, so regularly check for and install updates.
Install security patches: Apply any security patches provided by Apple specifically to address the vulnerabilities mentioned by CERT-In.
Use secure connections: Avoid connecting to unsecured or public Wi-Fi networks, as they can increase the risk of unauthorized access to your device.
Enable Two-Factor Authentication (2FA): Adding an extra layer of security like 2FA can help prevent unauthorized access even if someone gains access to your credentials.
Be cautious with downloads: Only download apps and software from trusted sources such as the Apple App Store. Avoid downloading apps from unknown or suspicious sources.
Regularly back up data: Keep regular backups of your important data to protect against potential data loss in case of a security breach or system failure.
Stay informed: Stay updated with security alerts and advisories from official sources like CERT-In or Apple. Being aware of potential threats can help you take timely action to protect your devices.
By following these precautions, users can significantly reduce the risk of exploitation from such vulnerabilities and enhance the overall security of their Apple devices.