India’s cybersecurity agency CERT-In has issued a warning about a “high” severity flaw that allows remote code execution attacks on a wide range of Apple products.
The devices at most risk are older versions of iOS, iPadOS, macOS, and even visionOS for the Vision Pro headset.
Indian Computer Emergency Response Team has shared the details which pointed out that vulnerabilities exist due to issues in various hardware components in Android devices, which include Framework, System, MediaTek components, Widevine, Qualcomm components and Qualcomm closed source components.
It stems from an out-of-bounds write issue in WebRTC and CoreMedia components that enables bad actors to run malicious code on vulnerable devices remotely.
Almost all recent iPhone (8 and later), iPad (5th gen and newer), and Mac laptop/desktop is impacted if not updated, reported the Indian Express.
The Vision Pro is also vulnerable on visionOS versions before 1.1.1. Older iPhones like the 8/X and some older iPads are at risk if they haven’t made the jump to iOS/iPadOS 16.7.7 at minimum.
CERT-In has warned that if left unpatched, these vulnerabilities can let malicious hackers obtain sensitive information, gain special privileges and cause a Denial of Service or DoS attack.
A DoS attack is wherein an hacker makes a machine or a network temporarily inaccessible to the user.
CERT-In has cautioned against vulnerabilities in various Apple devices like iPhones, iPads, PCs, and the Apple Vision Pro. The organization highlights that these vulnerabilities could enable malicious hackers to execute arbitrary code on the targeted system.
In simpler terms, hackers could exploit this flaw to run their own code on Apple devices, potentially accessing private data. Apple has promptly released patches to address these vulnerabilities. To safeguard their devices, all Apple users are advised to download the latest versions of Apple's operating systems.
Google has released a patch to address a vulnerability, and Samsung has also deployed this security update for its users. This means that Pixel phone and Samsung smartphone users can safeguard their devices by downloading the latest OS version. While other OEMs are still pending the Android update release, users can expect it to be available soon, ensuring comprehensive protection across various devices.
