CERT-In issue a high warning regarding serious vulnerabilities found in multiple Apple products, likes of iPhones and Apple Watches. These vulnerabilities could potentially allow hackers to execute arbitrary code, gain escalate privileges or bypass security measures on the impact devices.
The vulnerabilities come from problems in certificate validation within key components like Security, Kernel, and WebKit in Apple products.
The flaws impact the Safari browser and other browsers using WebKit.
These vulnerabilities enable attackers to bypass security protocols, gain elevate access rights, and execute arbitrary code on targeted systems.
The WebKit vulnerability poses a significant risk as it could enable attackers to take control of Apple devices, accessing personal data, files, and even installing malware.
Thses threats rises when users are going to malicious websites or open harmful attachments.
The security concerns extend to many Apple software versions, including macOS Monterey, macOS Ventura, watchOS, iOS, iPadOS, and Apple Safari.
To reduce the risks associate with these vulnerabilities, users are strongly advise to promptly update their Apple devices to the latest available versions.
Apple has release updates to address these vulnerabilities, which can be access from the official website.
Full List of the Affected Software
- Apple macOS Monterey versions prior to 12.7
- Apple macOS Ventura versions prior to 13.6
- Apple watchOS versions prior to 9.6.3
- Apple watchOS versions prior to 10.0.1
- Apple iOS versions prior to 16.7 and iPadOS versions prior to 16.7
- Apple iOS versions prior to 17.0.1 and iPadOS versions prior to 17.0.1
- Apple Safari versions prior to 16.6.1
CERT-In is a central organization operating under the Ministry of Electronics and Information Technology, Government of India.