Apple users at risk; CERT-IN issues warning citing security vulnerabilities

The Indian Computer Emergency Response Team (CERT-IN) has reportedly issued a high-severity warning to Apple users in the country, citing multiple vulnerabilities that could allow attackers to take control of their devices – according to media reports.

CERT-IN, a national nodal agency that functions under the Ministry of Electronics and Information Technology (MeitY), stated that the vulnerability is in the Apple’s WebKit browser engine that powers its Safari browser. The browser comes pre-loaded in Apple products, including iPhones and watches.

Attackers could exploit the vulnerability by sending specially crafted messages such as tricking users into visiting a malicious website or opening a malicious attachment. This would give them access to users’ personal data and they could even install malware in the device.

In an official statement, CERT-IN said, “These vulnerabilities exist in Apple products due to certificate validation issues in the Security component, an issue in the Kernel, and an error in the Webkit component.

According to media reports, Apple has released a software update to address the security vulnerabilities. Apple users are advised to update their devices to the latest software version.

The required updates from Apple are available through over-the-air, and details about it are also available on CERT-IN website.

The list of affected devices includes:

Apple iOS versions prior to 16.7 and iPadOS versions prior to 16.7

Apple macOS Moneterey versions prior to 12.7

Apple watchOS versions prior to 9.6.3

Apple iOS versions prior to 17.0.1 and iPadOS versions prior to 17.0.1

Apple Safari versions prior to 16.6.1

Apple macOS Ventura versions prior to 13.6

Apple watchOS versions prior to 10.0.1