The government warns Apple iPhone, iPad, and Mac users of “high risk.”

High risk’ for Apple iPhone, iPad, Mac users, government warns
The government warned Apple users, citing two software vulnerabilities that could result in unauthorized access, data theft, or control by hackers

The government has issued a warning to certain Apple users, citing two software vulnerabilities that could result in a “high risk of unauthorized access, data theft, or gain control (by hackers) of the affected system”.

This ‘high’ severity issue affects Intel-based Mac systems, which includes macOS, iOS, and iPadOS devices, according to the advisory issued by the Indian Computer Emergency Response Team (CERT-In) which comes under the Ministry of Electronics and Information Technology.

“Two vulnerabilities were reported in Apple products, which could be exploited by an attacker to execute arbitrary code or perform XSS attacks on the affected device,” CERT-In wrote in the advisory.

Which Apple users specifically are under threat?
The vulnerabilities which can lead to “potential for unauthorized access to sensitive user information, denial of service and data manipulation,” affect the following software versions:

Apple iOS and iPadOS versions prior to 18.1.1
Apple iOS and iPadOS versions prior to 17.7.2
Apple macOS Sequoia versions prior to 15.1.1
Apple visionOS versions prior to 2.1.1
Apple Safari versions prior to 18.1.1
What can vulnerable Apple users do?
CERT-In advises Apple users for whom the advisory applies, to update their devices to the latest software versions as mentioned in Apple Security Updates to mitigate the risks.

Also Read: Sanjiv Goenka, owner of Lucknow Supergiants, has a net worth of $4 billion: Forbes

More precisely, iPhone and iPad users have to update to iOS 18.1.1 or iOS 17.7.2, Mac users have to install macOS Sequoia 15.1.1, Apple visionOS users have to update to version 2.1.1, and Safari users should update it to version 18.1.1.

What are the technical details of the vulnerabilities in the Apple products?
CERT-In says the vulnerability for the Safari browser exists in JavaScriptCore which is used by it to process JavaScript.

“An attacker could exploit this issue to execute arbitrary code execution by sending maliciously crafted web content to the affected device,” the advisory read.

CERT-In also mentioned a cross-site scripting vulnerability in WebKit, the engine that powers Safari and web content on Apple devices.

“An attacker could exploit this issue by sending maliciously crafted web content to trigger cross-site scripting (XSS) on the affected device,” CERT-In wrote.

Group Media Publications
Entertainment News Platforms – anyflix.in
Construction Infrastructure and Mining News Platform – https://cimreviews.com/
General News Platform – https://ihtlive.com/