The Apple product users in India has received a “severe” warning from the government about multiple vulnerabilities. The warning has been issued by the Indian Computer Emergency Response Team (CERT-In). According to the warning, multiple vulnerabilities found in Apple products such as iPhones, iPads, Macs, and more. The vulnerabilities reportedly allow leak of sensitive information, execution of arbitrary code, security bypasses, denial of service (DoS) attacks, and spoofing attacks.
The warning issued by CERT-In on August 2, stated that the vulnerabilities affects Apple products running on:
iOS version prior to 17.6
iPadOS versions prior to 16.7.9
macOS Sonoma versions prior to 14.6
macOS Ventura versions prior to 13.6.8
macOS Monterey versions prior to 12.7.6
watchOS versions prior to 10.6
tvOS versions prior to 17.6
visionOS versions prior to 1.3
Safari versions prior to 17.6
Meanwhile, the central agency has advised Apple users to update their device with latest security patches as soon as possible to avoid any high-level risks.
Though, Apple is yet to confirm any security risk from the vulnerabilities. However, the company has been sending alerts about potential “mercenary spyware attacks,” similar to Pegasus from the NSO Group to users in over 150 countries. The list of countries also includes India.
According to the alert, the spyware attack can remotely compromise iPhones. Apple’s threat notification warns users that these mercenary spyware attacks are exceptionally rare and more sophisticated than typical cybercriminal activities or consumer malware.
Meanwhile, the Ministry of Electronics and Information Technology (MeitY) and Apple have not responded to queries regarding these issues.