Successful exploitation of vulnerabilities in Apple products could allow the attacker to gain elevated privileges, execute arbitrary code, disclose sensitive information and bypass security restrictions on the targeted system.
Select Apple devices are susceptible to cyber attacks due to multiple vulnerabilities found in Apple products. The Indian Computer Emergency Response Team (CERT-In) has issued an advisory asking Apple users to update their products immediately. “Multiple vulnerabilities have been reported in Apple products which could allow an attacker to gain elevated privileges, execute arbitrary code, disclose sensitive information and bypass security restriction on the targeted system,” the agency says in its advisory.
Which Apple products are affected?
In its advisory, CERT-In says that iPhone 8 and later models running Apple iOS versions prior to 16 are affected by these vulnerabilities. The list of impacted devices also includes the following when running iOS and iPadOS versions prior to 15.7:
– iPhone 6s and later
– iPad Pro (all models)
– iPad Air 2 and later
– iPad 5th generation and later
– iPad mini 4 and later
– iPod touch (7th generation)
Apple laptops running macOS Monterey versions prior to 12.6 or macOS Big Sur versions prior to 11.7, and Apple Safari versions prior to Safari 16, are also affected, the advisory states.
Why do these vulnerabilities exist in Apple products?
CERT-In says that these vulnerabilities exist in Apple products due to logic issues in the Safari Extensions, ATS, Maps, PackageKit and Shortcuts components. A buffer overflow issue, an out-of-bounds read issue and an improper UI handling issue in the WebKit component also affect Apple devices.
As per the advisory, an out-of-bounds write issue and an improper memory handling issue in the Kernel component, a memory corruption issue in the MediaLibrary component and an improper checks issue in the Contacts component are probable reasons for the security loophole.
These vulnerabilities, Apple says, can be exploited by a remote attacker who persuades the victim to open a specially crafted file or application. Successful exploitation of these vulnerabilities could allow the attacker to gain elevated privileges, execute arbitrary code, disclose sensitive information and bypass security restrictions on the targeted system.
What is the solution?
On its advisory webpage, CERT-In has advised users to download the appropriate software updates, as listed in the Apple security updates for Safari 16, macOS Big Sur 11.7, macOS Monterey 12.6 and iOS 16.