Government issues high-risk warning for iPhone users: Here’s what they should do

Apple iPhone and iPad users could be at risk. According to an advisory issued by Computer Emergency Response Team India (CERT-In), multiple vulnerabilities have been reported in Apple iOS and iPadOS which could allow a remote attacker to access sensitive information, execute arbitrary code, spoof the interface address, or deny terms of service on the targeted device.

Which Apple devices are impacted?

According to the opinion, Apple iOS 16.1, Apple iOS versions earlier than 16.0.3 and iPadOS versions earlier than 16 are affected by the vulnerability – CVE-2022-42827. The list of affected devices includes Apple iPhone 8 and later, iPad Pro Call models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.

Why does the vulnerability exist in Apple devices?

In its advisory, CERT-In states that these vulnerabilities exist in Apple iOS and iPadOS due to

– Inappropriate security restrictions in AppleMobileFileIntegrity component

– Check for incorrect limits in Avevideoencoder component; Incorrect validation in CrNetwork component

– Wrong permission in Core Bluetooth component

– Poor memory management in GPU Drivers component

– Memory corruption issue in IOHIDFamily component

– Use after free issue and race condition issue in IOKit component

– Poor memory management and out of bounds write issue in Kernel component

– Poor memory management and race condition issue in PPP component

– Use after free number

– Incorrect security restrictions and incorrect path validation in Sandbox component

– Poor UI handling, type confusion issue and logic issue in Webkit component

– Use error after release in WebKit PDF component

– Incorrect validation of entries in the Mail component.

How might the vulnerability affect iPhone users?

These vulnerabilities can be exploited by a remote attacker to trick the victim into opening a specially crafted file or application. Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, execute arbitrary code, spoof interface address or denial of service conditions on the targeted system.

What should users do?

The CERT-In advisory indicates that the vulnerability is being exploited in the wild. Users are advised to apply software updates as directed in Apple Security Updates.

Catch all the tech news and updates on Live Mint. Download the Mint News app to get daily market updates and live trade news.

More less

Previous How does a credit card consolidation loan work… and is it the right option for you?
Next Apple fixes several security bugs in iOS, iPadOS and Safari browsers