The IT ministry via the Indian Computer Emergency Response Team (CERT-In), has issued a “high severity” advisory for those using Apple products like iPhone, MacBook, Watch and Apple TV. CERT-In is advising users to update to the latest software version as several security issues have been found in Apple products. Not updating to the latest version may lead to your iPhone or other Apple devices getting tracked or some malware may get pushed remotely.
“Multiple Vulnerabilities have been reported in Apple products which could be exploited by an attacker to gain elevated privileges, bypass security restriction, execute arbitrary code and disclose sensitive information on the targeted system,” said CERT-In in its advisory.
The vulnerabilities in Apple products are due to improper memory handling, state management, input validation, checks, handling of file metadata, state handling, bounds checking, locking, sandbox restrictions, access restrictions, permissions logic, execution of JavaScript in a scripting dictionary and mis-configuration in Bluetooth.
“An attacker could exploit these vulnerabilities by convincing the user to run a maliciously crafted application. Successful exploitation of these vulnerabilities could allow an attacker to bypass security restriction,” it added.
The new iOS 15.2 and iPadOS 15.2 is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Apple too warns that parsing a maliciously crafted audio or image file may lead to disclosure of user information, if users don’t update. As for MacBooks, the device may be “passively tracked via BSSIDs”.
Apple has fixed a lot of CVEs in the latest version of its software for its products. If you use any Apple device it is highly advisable that you go to Settings and hit the update button.