Indian Government's Major Security Alert for Apple Device Users

Learn about the Indian Government's security alert for Apple device users, including iPhones, iPads, Macs, and Watches, and find out steps to secure your devices against vulnerabilities.

The Indian Government, through the Computer Emergency Response Team (CERT-In), has issued a crucial security warning for users of Apple devices, including iPhones, iPads, Macs, and Apple Watches. This high-severity alert underscores the presence of multiple vulnerabilities across iOS, iPadOS, macOS, tvOS, and watchOS, which could potentially allow attackers to execute arbitrary code, access sensitive information, bypass security restrictions, and even cause system failures.

The vulnerabilities affect a broad range of devices and software versions. For iOS and iPadOS devices, the concerns are with versions earlier than 16.7.6 and v17.4, including popular models like the iPhone 8, iPhone X, and various iPad generations. macOS vulnerabilities are present in Safari due to improper state management, with advised updates to version 16.4 for safeguarding. The alert extends to Apple Watches and TVs, urging users to upgrade to the latest versions to mitigate risks related to privacy, kernel privileges, and UI spoofing.

Issued on March 15, the warning from CERT-In covers multiple vulnerabilities across Apple’s iOS, iPadOS, and potentially other operating systems. Devices impacted include older models like the iPhone 8, iPhone 8 Plus, and iPhone X, as well as more recent devices running on versions prior to iOS 16.7.6 and iPadOS 16.7.6, extending to versions before 17.4 for newer models. These vulnerabilities stem from “improper validation” in several components of the operating system, including Bluetooth, Safari, and WebKit, among others. Issues also extend to privacy concerns within ExtensionKit, Messages, and the Share Sheet, as well as memory corruption in the kernel and RTKit components.

CERT-In’s advisory highlights the significance of these vulnerabilities, which stem from issues like improper validation in Bluetooth and WebKit components, memory mistakes, and logic issues across various parts of the affected systems. To protect against these vulnerabilities, users are advised to promptly update their devices to the latest software versions, apply security patches provided by Apple, use secure connections, enable two-factor authentication, and remain cautious about downloads from untrusted sources.

This comprehensive warning follows Apple’s continuous efforts to enhance the security of its devices through regular updates. Users are encouraged to heed the government’s advice by updating their devices and staying informed about potential threats to ensure their digital security.