Urgent Updates Needed to Protect Against Severe Security Vulnerabilities
The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk warning for users of Apple devices, including iPhones, MacBooks, Apple Watches, and more. This urgent alert affects various software versions and calls for immediate updates to safeguard against potential security threats. CERT-In’s warning covers multiple Apple software versions: iOS and iPadOS versions prior to 17.6 and 16.7.9, macOS Sonoma versions before 14.6, macOS Ventura versions before 13.6.8, macOS Monterey versions before 12.7, watchOS versions before 10.6, tvOS versions before 17.6, visionOS versions before 1.3, and Safari versions before 17.6. The cybersecurity agency has detected multiple vulnerabilities in these Apple products. These security flaws could potentially allow attackers to access sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service (DoS), and perform spoofing attacks. These vulnerabilities pose a significant risk as they could enable attackers to steal sensitive data, install harmful software, circumvent security protocols, disrupt services, and deceive users with false information.
Immediate actions required
CERT-In strongly recommends that users of iPhones, MacBooks, Apple Watches, and the Safari browser update their devices immediately if they are running the affected software versions. Prompt updates are crucial to mitigate these security risks.
In addition to the vulnerabilities, Apple has alerted users about potential “mercenary spyware attacks,” akin to the Pegasus spyware. These alerts, sent to users across over 150 countries, including India, are intended to warn about sophisticated spyware threats targeting iPhones. Notable figures, including Iltija Mufti, media adviser and daughter of former Jammu and Kashmir Chief Minister Mehbooba Mufti, and Pushparaj Deshpande, founder of Samruddha Bharat Foundation, have reported receiving these warnings.
The Ministry of Electronics and Information Technology (MeitY) and Apple have yet to respond to inquiries regarding these issues. CERT-In continues to monitor the situation and advises users to stay informed about the latest security updates. The central government’s advisory emphasises the high risk associated with these vulnerabilities and urges users to take immediate steps to secure their devices.
Steps to enhance security
In addition to updating software, users can take several steps to protect their devices from these vulnerabilities: regularly check for software updates and enable automatic updates to ensure your device is protected against newly discovered threats, avoid clicking on suspicious links or downloading unverified apps, always download apps from the official App Store to minimise the risk of malware, use strong, unique passwords for your Apple ID and other accounts, enable two-factor authentication (2FA) for an added layer of security, regularly review and manage the permissions granted to apps on your devices to prevent unauthorised access, and be cautious of unexpected prompts asking for personal information or credentials. Verify the source before providing any information to avoid falling victim to phishing attacks.
