Government issues high risk warning for iPhone users: Here’s what they should do

Apple iPhone and iPad users could be at risk. According to an advisory issued by the Indian Computer Emergency Response Team (CERT-In), multiple vulnerabilities have have been reported in Apple iOS and iPadOS that could allow a remote attacker to gain access to sensitive information, execute arbitrary code, spoofing of the interface address or denial of service conditions on the targeted device.

Which Apple devices are impacted?

As per the advisory, Apple iOS 16.1, Apple iOS versions prior to 16.0.3 and iPadOS versions prior to 16 are affected by the vulnerability – CVE-2022-42827. List of impacted devices include Apple iPhone 8 and later, iPad Pro Call models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.

Why does the vulnerability exist in Apple devices?

In its advisory, CERT-In says that these vulnerabilities exist in Apple iOS and iPadOS due to

– Improper security restrictions in AppleMobileFileIntegrity component

– Improper bounds check in Avevideoencoder component; Improper validation in CrNetwork component

– Improper entitlement in Core Bluetooth component

– Improper memory handling in GPU Drivers component

– Memory corruption issue in IOHIDFamily component

– Use after free issue and Race condition issue in IOKit component

– Improper memory handling and Out-of-bounds write issue in Kernel component

– Improper memory handling and Race condition issue in PPP component

– Use after free issue

– Improper security restrictions and Improper path validation in Sandbox component

– Improper UI handling, Type confusion issue and Logic issue in Webkit component

– Use-after-free error in WebKit PDF component

– Improper input validation in Mail component.

How can the vulnerability impact iPhone users?

These vulnerabilities can be exploited by a remote attacker to persuade the victim to open a specially crafted file or application. On successful exploitation of these vulnerabilities, the attacker could gain access to sensitive information, execute arbitrary code, spoofing of the interface address or denial of service conditions on the targeted system.

What should users do?

The CERT-In advisory says that the vulnerability is being exploited in the wild. Users are advised to apply software updates as mentioned in the Apple Security updates.

Catch all the Technology News and Updates on Live Mint.
Download The Mint News App to get Daily Market Updates & Live Business News.

More
Less

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TheDailyCheck is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected] The content will be deleted within 24 hours.