The Indian Computer Emergency Response Team (CERT-In) has issued a “severe” warning for Apple users who own iPhones, iPads, Macs, and more regarding multiple vulnerabilities. As per the warning, these vulnerabilities can expose users to risks like information leaks, unauthorised code execution, security bypasses, denial of service (DoS) attacks, and spoofing attacks.
The advisory stated, “Multiple vulnerabilities have been reported in Apple products which could allow an attacker to access sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service (DoS) and perform spoofing attacks on the targeted system”.
These vulnerabilities are found across several Apple software updates for iPhone, iPad including iOS and iPadOS versions prior to 17.6 and 16.7.9, macOS Sonoma versions prior to 14.6, macOS Ventura versions prior to 13.6.8, macOS Monterey versions prior to 12.7.6, watchOS versions prior to 10.6, tvOS versions prior to 17.6, visionOS versions prior to 1.3, Safari versions prior to 17.6.
To stay safe from these vulnerabilities, CERT-In has urged the users to promptly install the necessary software updates provided by Apple on their respective devices. The severity of the vulnerabilities was marked “high” in the advisory.
Notably, this security issue has not been confirmed by Apple yet. However, Apple has been actively sending alerts to users in around 150 countries, including India, regarding potential “mercenary spyware attacks”. These attacks are similar to Pegasus spyware developed by NSO Group that are designed to compromise the privacy of iPhones remotely.
Mercenary spyware is a highly sophisticated and expensive type of surveillance software developed by private companies and often used by governments to target specific individuals. These attacks are typically aimed at journalists, activists, politicians, and diplomats.
To safeguard users from such attacks, Apple sends “threat notifications” to users who might be targeted. These notifications inform users about the potential threat and provide guidance on how to protect their devices. Additionally, Apple’s Lockdown Mode offers enhanced protection for users who may be at high risk of targeted cyberattacks. This mode restricts certain device functionalities to mitigate potential threats.