The Central government has issued a high-severity warning to Apple users about a new security vulnerability that could allow attackers to take control of their devices. The vulnerability is in the WebKit browser engine, which is used by Safari and other browsers.
It comes in Apple products like the iPhone and iWatch.
The Indian Computer Emergency Response Team, which functions under the Ministry of Electronics and Information Technology, has cautioned against multiple vulnerabilities that could allow an attacker to execute an arbitrary code, escalate privileges, or bypass security restrictions on the target system.
It is the central organisation in charge of dealing with threats to online safety such as scamming and hacking. It strengthens the security defenses of the Indian Internet domain.
These vulnerabilities exist in Apple products due to certificate validation issues in the security component, an issue in the Kernel and an error in the Webkit component. “An attacker could exploit these vulnerabilities by sending specially crafted requests,” the CERT-IN statement said.
The attackers could exploit the vulnerability by tricking users into visiting a malicious website or opening a malicious attachment.
If successful, the attackers could gain access to the user’s personal information and files, and they could even install malware on the user’s device.
These vulnerabilities exist in Apple products as a result of issues with certificate validation in the security component, the Kernel, and the WebKit component.
An attacker could exploit these flaws by sending a cleverly constructed request.
These weaknesses could grant an attacker higher access rights by circumventing security safeguards on the targeted system or executing arbitrary code.
According to the national nodal authority that manages cybersecurity-related problems across many releases, users who want to secure their data should immediately update their devices to the most recent watchOS, tvOS, and macOS versions.
If Apple watches, TVs, iPhones, and MacBooks’ software flaws are not resolved, attackers may be able to get access to the devices.
Apple has also supplied the necessary upgrades to fix this issue on the official website, cert-in.org.in.
The list of affected software includes Apple macOS Monterey versions before 12.7, Apple macOS Ventura versions before 13.6, Apple watchOS versions before 9.6.3, Apple watchOS versions before 10.0.1, Apple iOS versions before 16.7 and iPadOS versions before 16.7, Apple iOS versions before 17.0.1 and iPadOS versions before 17.0.1, Apple Safari versions before 16.6.1.