Government issues advisory regarding various vulnerabilities in Apple products

The government on Friday said that several vulnerabilities were reported in Apple products which can open the door for potential attackers to gain access to sensitive information, execute arbitrary code, bypass various security restrictions, and induce denial of service (DoS) conditions, among other potential threats.

This security alert follows a warning issued to Samsung users just two days prior, regarding critical security concerns affecting phones operating on Android versions 11, 12, 13, and 14, The Hindu reported. Samsung’s flagship smartphone, the Galaxy S23, found itself on the list due to operating on the Android 14 update.

As per the Advisory from the Computer Emergency Response Team (CERT-in) on Friday, Apple products affected by the identified vulnerabilities include iOS, Apple watchOS, iPadOS, and Apple Safari versions prior to 17.2. CERT-In has classified the severity rating for these products as ‘high’, indicating potential risks such as bypassing authentication, gaining elevated privileges, and “perform spoofing attacks on the targeted system”.

The Ministry of Electronics and Information Technology (MeitY) sent a notice to Apple on October 31, informing the Cupertino-based tech giant that the CERT-In would investigate the matter of Apple notifying Indian iPhone users that their devices may have been targeted in a “state-sponsored” attack. “Given the sensitivity and the gravity of the case and the security breach related to high-level dignitaries, an investigation into the serious issue will be taken up by CERT-In and related Government entities,” read the letter sent by the cyber laws division at MeitY.

Industry sources, as per The Hindu, said that these advisories were based upon reports from companies, prompting immediate software updates.

In a parallel move, CERT-In has also issued a similar advisory highlighting multiple vulnerabilities in Adobe products.

Earlier in the week, on December 13, the agency issued an advisory concerning Microsoft products, encompassing Microsoft Office, Windows, Azure, Dynamics, and System Center. These vulnerabilities could empower attackers to gain elevated privileges, access sensitive information, execute remote code attacks, perpetrate spoofing attacks, or trigger denial of service conditions.

On Thursday, CERT-in also raised a similar advisory for Schneider Electric products, which included Trio E-Series ethernet data radio, Trio Q-Series ethernet data radio, and Trio J-Series.