Cert-In warns of multiple vulnerabilities in iPhones, iPads, Telecom News, ET Telecom

FILE PHOTO: Apple logo can be seen in this illustration, taken March 1, 2022. REUTERS/Dado Ruvic/Illustration

Chennai: Multiple vulnerabilities have been reported in Apple iOS and iPadOS that allow an attacker to remotely access private data, execute arbitrary code, spoof the interface address, or cause a denial of service on the targeted device, the Indian Computer Emergency Response Team (Cert-In) said in an advisory note on Wednesday.

The cybersecurity watchdog said the vulnerability is being exploited in the wild and users are advised to apply appropriate software updates, as noted in the latest Apple Security updates.

According to reports, the “CVE-2022-42827” issue affects Apple iOS 16.1, Apple iOS versions prior to 16.0.3, and iPadOS versions prior to 16. Apple iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later are among the affected devices, Cert-In said in its note.

According to the report, the severity of the vulnerability is high.

The vulnerability exists due to inadequate security controls in the AppleMobileFileIntegrity component and a host of other factors, it said.

Analysts expect iPhone sales to rise 11% in the fiscal fourth quarter ended September, according to Refinitiv, thanks to consumers upgrading to the company’s premium-priced Pro phones. However, growth is estimated to slow to just 2% in the crucial holiday quarter.

“A remote attacker could exploit these vulnerabilities by persuading the victim to open a specially crafted file or program,” the note said. “Successful exploitation of these vulnerabilities could allow the attacker to access sensitive information, execute arbitrary code, spoof the interface address, or get denial-of-service conditions on the targeted system.”

On the same day, the watchdog also reported multiple vulnerabilities in Apple Safari versions prior to 16.1. It said the vulnerabilities could allow an attacker to spoof URLs, disclose sensitive information or execute arbitrary code on the target system. As a solution, Cert-In said that users should apply the appropriate patches, as stated by Apple. This vulnerability was also rated as having a ‘high’ severity.