India’s cybersecurity agency has warned that Apple products have a “remote code execution vulnerability”, meaning the devices are vulnerable to exploitation by hackers.
The Computer Emergency Response Team (CERT-In) said hackers can “remotely gain access on a device and execute arbitrary code on the targeted system”. It said that the vulnerability is in iPhone and iPad devices with iOS and iPadOS versions prior to 17.4.1. The vulnerability is also in iOS and iPadOS versions before the 16.7.7 update, available on iPhone 8, iPhone 8 Plus, iPhone X, iPad gen 5, iPad Pro 9.7-inch, and iPad Pro 12.9-inch gen 1.
The agency has given a “high” severity rating to the issue. It said that the remote code execution vulnerability also affects “Apple Safari versions prior to 17.4.1, which is available for macOS Monterey and macOS Ventura; MacBook users on macOS Ventura versions prior to 13.6.6; and macOS Sonoma versions prior to 14.4.1”.
According to a report by the India Today website, CERT-In said that the issue is due to an “out-of-bounds write issue in WebRTC and CoreMedia”, which implies that the security flaw could let a hacker trick someone into visiting a specific link that could then be used to attack the device remotely. “Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the targeted system,” the vulnerability note on the CERT-In website reads.
Steps to ensure security of Apple devices:
- Keep Apple iOS and iPadOS devices updated with the latest software
- Apply security patches provided by Apple, especially those addressing vulnerabilities highlighted by CERT-In
- When connecting to a network, prioritise secure connections and avoid unsecured or public Wi-Fi networks
- Enable two-factor authentication (2FA) for an added layer of security
- Back up data to protect against data loss due to security breaches or system failures
First Published: Apr 03 2024 | 3:28 PM IST