India’s Computer Emergency Response Team (CERT-In) has issued an advisory for Apple products users. The cyber security agency has reported multiple vulnerabilities in Apple products that could allow an attacker to bypass Privacy preferences, execute arbitrary code with kernel privileges, gain access to sensitive information, and spoof user interface on the targeted system.
For those unaware, CERT-In is a national nodal agency for responding to computer security incidents under the Ministry of Electronics and Information Technology (Meity).
Who are the impacted users?
The vulnerability exists in Apple tvOS and watchOS products. It impacts Apple tvOS version prior v16.4 and Apple WatchOS version prior to v9.4. The vulnerability is rated as high severity by CERT-In.
In its advisory, CERT-In says that these vulnerability exists due to flaw in AppleMobileFilelntegrity, Identity Services, Podcasts, TCC, Find My, Shortcuts and WebKit; out-of-bounds read in Core Bluetooth and ImagelO; improper memory handling in CoreCapture, FontParser and ImagelO; arbitrary code execution in Foundation; arbitrary code with kernel privileges in Kernel; bypass Same Origin Policy in WebKit; origin information in WebKit; improper input sanitization in Calendar; improper input validation in ImagelO.
What should users do?
Apple has already released a software update for the same. Users are advised to update their device to WatchOS v9.4 and AppletvOS v16.4.
In a separate advisory, CERT-In is also warning against multiple vulnerabilities in Apple Safari. It says that the vulnerabilities in Apple Safari versions prior to 16.4 for macOS Big Sur and macOS Monterey Overview could be exploited by an attacker to gain access to sensitive information on the targeted system. These Vulnerabilities exist in Apple Safari due to improper state management and disclosing of origin information in the WebKit component, CERT-In says.
Download The Mint News App to get Daily Market Updates & Live Business News.
More
Less
