The Indian government has issued a high-severity warning to Apple users about a new security vulnerability that could allow attackers to take control of their devices. The vulnerability lies in the WebKit browser engine, used by Safari and other browsers. WebKit is present in Apple products such as the iPhone and Apple Watch.
Attackers could exploit this vulnerability by tricking users into visiting a malicious website or opening a malicious attachment. If successful, attackers could access the user’s personal information and files, and could even install malware on the user’s device.
These vulnerabilities exist in Apple products due to certificate validation issues in the Security component, kernel, and WebKit component. An attacker could exploit these flaws by sending a specially crafted request. These weaknesses could grant an attacker elevated privileges by bypassing security measures on the targeted system or executing arbitrary code.
According to the national nodal authority that handles cybersecurity issues, users who want to secure their personal data should immediately update their devices to the latest versions of watchOS, tvOS and macOS. If software flaws in Apple Watches, TVs, iPhones and MacBooks are not addressed, attackers could gain access to the devices.
Apple has also provided the necessary upgrades to resolve this issue on the official website, cert-in.org.in.
The Indian Computer Emergency Response Team (CERT-In or ICERT) is managed by the Ministry of Electronics and Information Technology, Government of India. It is the central organization responsible for combating online security threats such as scams and hacking. It strengthens the security defenses of the Indian Internet domain.
List of affected software
Apple macOS Monterey versions prior to 12.7
Apple macOS Ventura versions prior to 13.6
Apple watchOS versions prior to 9.6.3
Apple watchOS versions prior to 10.0.1
Apple iOS versions before 16.7 and iPadOS versions before 16.7
Apple iOS versions before 17.0.1 and iPadOS versions before 17.0.1
Apple Safari versions prior to 16.6.1