Government issues high severity warning for iPad, iPhone users

Indian Computer Emergency Response Team (CERT-In) has issued a high severity warning for iPhones and iPad users, highlighting certain vulnerabilities that could be exploited by a potential attacker. The cyber security watchdog has also issued a follow-up alert for other products, including the Safari browser, Vision Pro, MacBooks and Apple Watches. In the first warning issued on March 15, CERT-In said several vulnerabilities had been found in Apple's iOS and iPadOS.

The vulnerabilities “allow an attacker to trigger denial of service condition, execute arbitrary code, sensitive information disclosure and bypass security restriction on the targeted system."

According to CERT-In, these vulnerabilities exist for a number of reasons, including improper validation in Bluetooth, MediaRemote, Photos, Safari and Webkit components. There are also privacy-related issues in ExtensionKit, Share Sheet, memory corruption, lock screen and timing side channel.

According to the warning by CERT-In, the issue affected iOS and iPadOS devices running on versions prior to 16.7.6 like the iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation. Moreover, the issue also affects iOS and iPadOS versions prior to 17.4 versions like the iPad Pro 10.5 and 11 inches, iPad Air 3rd gen and iPad Air 6th generation and later versions.

CERT-In has warned that users should update their iPhones and iPads to the latest version in order to protect themselves from these vulnerabilities. Older devices that aren't a part of the update cycle are advised to apply the appropriate security patches from Apple's website.