The Indian Computer Emergency Response Team (CERT-In) under the IT ministry has issued a high-severity warning for iPhone and iPad users. The government body has issued a warning for iPhone and iPad users running certain versions of iOS and iPadOS operating systems on their devices as it has discovered multiple critical vulnerabilities in these operating systems. The vulnerabilities, identified as CVE-2023-28204, CVE-2023-32373, and CVE-2023-32409, have been classified as high severity by the Indian Computer Emergency Response Team (CERT-In).
What government body has said
According to the government body, these newly found security vulnerabilities when exploited successfully can potentially allow attackers to execute arbitrary code, bypass security measures, gain elevated privileges, access sensitive information, or cause denial-of-service disruptions on affected devices.
Operating systems affected by these vulnerabilities
As per the report, users running Apple iOS versions prior to 16.5 and iPadOS versions prior to 16.5. Apart from these, users running Apple iOS versions prior to 15.7.6 and iPadOS versions prior to 15.7.6 are also affected by these vulnerabilities.
Why these vulnerabilities exist
The report mentions that these vulnerabilities exist in the Apple iOS and iPadOS because the Kernel component is affected by type confusion, use-after-free flaw, permission issues, and a race condition. The WebKit component suffers from out-of-bounds read, use-after-free flaw, and buffer overflow. Other affected components include LaunchServices, IOSurfaceAccelerator, Sandbox, Model I/O, ImageIO, Accessibility, Metal, TV App, Telephony, Shell, IOSurface, CoreServices, System Settings, Photos, Security, Associated Domains, StorageKit, PDFKit, Wi-Fi, Shortcuts, GeoServices, Core Location, NetworkExtension, AppleMobileFileIntegrity, Weather, Cellular, Apple Neural Engine, CoreCapture comment, and SQLit Component.
How these vulnerabilities can be exploited
As per the report, hackers can exploit these vulnerabilities using a remote attacker to entice a victim into visiting specially crafted web content. Once the victim accesses the malicious web content, the attacker can leverage the identified security flaws to execute arbitrary code, evade security measures, gain escalated privileges, extract sensitive information, or disrupt the normal functioning of the targeted device. These vulnerabilities pose a significant risk to the privacy and security of affected users’ data.
What users can do
CERT-In has advised users to immediately apply the right patch for both iOS and iPadOS to protect themselves from these vulnerabilities. Thankfully, Apple has rolled out the latest version of iOS and iPadOS that includes fixes for these vulnerabilities. All users need to do is update their devices with iOS version 16.5 or later and iPadOS version 16.5 or later.
For older devices that cannot upgrade to these versions, iOS version 15.7.6 or later and iPadOS version 15.7.6 or later should be installed.
What government body has said
According to the government body, these newly found security vulnerabilities when exploited successfully can potentially allow attackers to execute arbitrary code, bypass security measures, gain elevated privileges, access sensitive information, or cause denial-of-service disruptions on affected devices.
Operating systems affected by these vulnerabilities
As per the report, users running Apple iOS versions prior to 16.5 and iPadOS versions prior to 16.5. Apart from these, users running Apple iOS versions prior to 15.7.6 and iPadOS versions prior to 15.7.6 are also affected by these vulnerabilities.
Why these vulnerabilities exist
The report mentions that these vulnerabilities exist in the Apple iOS and iPadOS because the Kernel component is affected by type confusion, use-after-free flaw, permission issues, and a race condition. The WebKit component suffers from out-of-bounds read, use-after-free flaw, and buffer overflow. Other affected components include LaunchServices, IOSurfaceAccelerator, Sandbox, Model I/O, ImageIO, Accessibility, Metal, TV App, Telephony, Shell, IOSurface, CoreServices, System Settings, Photos, Security, Associated Domains, StorageKit, PDFKit, Wi-Fi, Shortcuts, GeoServices, Core Location, NetworkExtension, AppleMobileFileIntegrity, Weather, Cellular, Apple Neural Engine, CoreCapture comment, and SQLit Component.
How these vulnerabilities can be exploited
As per the report, hackers can exploit these vulnerabilities using a remote attacker to entice a victim into visiting specially crafted web content. Once the victim accesses the malicious web content, the attacker can leverage the identified security flaws to execute arbitrary code, evade security measures, gain escalated privileges, extract sensitive information, or disrupt the normal functioning of the targeted device. These vulnerabilities pose a significant risk to the privacy and security of affected users’ data.
What users can do
CERT-In has advised users to immediately apply the right patch for both iOS and iPadOS to protect themselves from these vulnerabilities. Thankfully, Apple has rolled out the latest version of iOS and iPadOS that includes fixes for these vulnerabilities. All users need to do is update their devices with iOS version 16.5 or later and iPadOS version 16.5 or later.
For older devices that cannot upgrade to these versions, iOS version 15.7.6 or later and iPadOS version 15.7.6 or later should be installed.
Hits: 0
