The Indian Computer Emergency Response Team has said that many of Apple’s products have flaws.
Due to these flaws many Apple devices are falling victim to cyber attacks.
These flaws may allow security restrictions on the target system to be bypassed.
New Delhi. Many flaws found in Apple products are causing cyber attacks on select Apple devices. Due to this, the Indian Computer Emergency Response Team (CERT-In) has issued an advisory for Apple users asking them to update their products immediately.
The agency has said in its advisory that a number of flaws have been found in Apple’s products that could allow hackers to access your device and steal your sensitive information by executing arbitrary codes and bypass security restrictions on target systems.
affected by this product
As per CERT-in these devices – iPhone 6s, iPad Pro (all models), iPad Air 2, iPad 5th generation. Includes iPad mini 4 and iPod touch (7th generation). Apart from this, iPhones running on iPhone 8 and iOS 16 are being affected by these flaws.
Apple laptops are also getting affected
The advisory said that Apple laptops with macOS Monterey versions prior to 12.6, Apple MacOS Big Sur versions prior to 11.7 and Apple Safari versions prior to Safari 16 were also affected.
Reasons for flaws in Apple products
CERT-In says that these flaws exist in Apple products due to logic issues in Safari Extensions, ATS, Maps, PackageKit and Shortcuts components. Buffer overflow issues, out-of-bounds read issues, and improper UI handling issues in WebKit components are also affecting Apple devices.
The advisory states that out-of-bounds write issue and improper memory handling issue in kernel component, memory corruption issue in media library component and improper check issue in contact component are possible reasons for security flaws.
what did apple say
Apple says these flaws could allow scammers to open specially crafted files or applications. By taking advantage of these loopholes, hackers can steal sensitive information of users by executing arbitrary codes and this can allow security on the target system to be bypassed.
what is the solution
In its advisory webpage, CERT-in has advised users to download the software update provided in the Apple Security Update for Safari 16, macOS Big Sur 11.7, macOS Monterey 12.6 and iOS 16.