CERT-In (the Ministry of Electronics and Information Technology) reports several threats in Apple products that could grant an attacker access to the target system. This could allow the attacker to “elevate privileges, run arbitrary code, unveil sensitive data, and break security measures.”
According to the CERT-In, Apple products are vulnerable due to inappropriate security controls in the AppleMobileFileIntegrity. Other issues that are affecting Apple devices include shortcut components, out-of-bounds read issues, and inapt UI handling in the WebKit component.
In addition, there is a memory corruption problem in the ‘Media Library’ component and the ‘contacts’ component has a problem with inappropriate checks. The advisory says that a remote attacker can take advantage of these flaws by convincing the target/victim to open a specially created file or programme. CERT-In further advises users to implement proper software updates as recommended by Apple Security.
Software affected by these issues includes:
- Apple iOS version prior to 16 for iPhone 8 and later models
- Apple laptops running on:
- The MacOs Monterey version, prior to 12.6
- The MacOs Big Sur version, prior to 11.7
- The Apple Safari version, prior to Safari 16
- Apple iPadOS & iOS version prior to 15.7 for:
- iPad Pro (all models)
- iPhone 6s and later
- iPad 5th generation and later
- iPad mini 4 and later
- iPad Air 2 and later
- iPod touch