Some iPhones and iPads may be vulnerable to attackers, warns India's cyber security watchdog

Advertisement
Some iPhones and iPads may be vulnerable to attackers, warns India's cyber security watchdog
Representational image.Unsplash
  • Indian Computer Emergency Response Team (CERT-In) has warned about a vulnerability that affects iPhone and iPad.
  • The county’s cyber security watchdog has said that the vulnerability allows a remote attacker to access sensitive information.
  • Here are the devices that are affected by the vulnerability.
Advertisement
Indian Computer Emergency Response Team (CERT-In), the country’s cyber security watchdog, has warned about multiple vulnerabilities in iOS and iPadOS that may allow a remote attacker to gain access to personal information, run arbitrary code, cause a denial of service, and more.

In its advisory, CERT-In has described the severity of the vulnerability as “high.”

Software and devices affected


In its advisory, CERT-In has mentioned the software and devices affected by the vulnerability –

Devices running on iOS 16.1 and iPadOS before 16


Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

  • iPhone 8 and later
  • iPad Pro (all models)
  • iPad Air (3rd generation and later)
  • iPad (5th generation and later)
  • iPad mini (5th generation and later)

Devices running iOS versions before 16.0.3



  • iPhone 8 and later

CVE-2022-42827 vulnerability


Advertisement

According to CERT-In, the vulnerability named as “CVE-2022-42827” exists due to improper security restrictions in the AppleMobileFileIntegrity component, Improper bounds check in Avevideoencoder component and several other reasons.

“A remote attacker could exploit these vulnerabilities by persuading the victim to open a specially crafted file or application,” the agency said. “Successful exploitation of these vulnerabilities could allow the attacker to gain access to sensitive information, execute arbitrary code, spoofing of the interface address, or denial of service conditions on the targeted system,” CERT-In added.

What should users do to protect themselves?


The watchdog noted that the vulnerability is being exploited in the wild and advised users to apply appropriate software updates to their devices as mentioned in Apple security updates.

Vulnerability in Safari


In addition to the vulnerability affecting iPhone and iPad, CERT-In has also revealed a vulnerability that is affecting Safari. According to the agency, the vulnerability affects Apple Safari versions prior to 16.1 and could allow attackers to spoof URLs, disclose sensitive information or execute arbitrary code on the target system.

To prevent this, users are recommended to apply the patches released by Apple.

Advertisement
SEE ALSO:

India’s IT giants are worried about moonlighting employees sharing their corporate secrets

The ₹1,338 crore fine is just the tip of the iceberg as CCI orders Google to take several measures to curb its anti-competitive behavior

Apple iPad 10th gen, iPad Pro, and Apple TV 4K launched in India – price, specs, and everything you need to know

{{}}