A new security hole that might let attackers take over customers’ Apple devices has been alerted to by the Indian government with high severity. The WebKit browser engine, which is used by Safari and other browsers, has a vulnerability. It is found in Apple products, including the watch and the iPhone. By luring users into visiting a rogue website or opening a malicious attachment, attackers might take advantage of the vulnerability. If the attack is successful, the attackers could access the user’s private files and information. Furthermore, they might even be able to infect the user’s device with malware. Continue reading to know more.
Addressing The Vulnerabilities
The Ministry of Electronics and Information Technology of the Government of India oversees the Indian Computer Emergency Response Team (CERT-In or ICERT). It is the primary organization in charge of addressing dangers to online security, like hacking and scams. It improves the Indian Internet domain’s security defenses.
“These vulnerabilities exist in Apple products as a result of a certificate validation issue in the Security component, a kernel issue, and a Webkit component error.” An attacker could exploit these flaws by sending specially crafted queries,” according to an official release from CERT-IN.
These flaws in certificate validation are present in the products due to problems with the Security component, the Kernel, and the WebKit component. By submitting a request that is skillfully written, an attacker could take advantage of these weaknesses. These flaws could allow an attacker to override security measures on the targeted system or run arbitrary code, giving them greater access rights.
The Following Are Affected Apple Models
- Apple macOS Monterey versions prior to 12.7
- Apple macOS Ventura versions prior to 13.6
- Apple watchOS versions prior to 9.6.3
- Apple watchOS versions prior to 10.0.1
- Apple iOS versions before 16.7 and iPadOS versions prior to 16.7
- Apple iOS versions prior to 17.0.1 and iPadOS versions prior to 17.0.1
- Apple Safari versions before 16.6.1
What You Can Do To Be Safe
Users are encouraged to update their devices to the newest watchOS, tvOS, and macOS versions to protect their personal data, as recommended by the national cybersecurity authority in charge of supervising security issues across various software releases.
According to media sources, if software vulnerabilities are not resolved, attackers may acquire access to Apple watches, TVs, iPhones, and MacBooks. The Company has made the necessary upgrades available on its official website, cert-in.org.in, to fix this issue. This guarantees that users can minimize any security issues.