By Consultants Review Team
The Indian Computer Emergency Response Team, CERT-In, has designated Apple iOS and iPad OS devices as having a high severity. The warning is available on the official CERT-In website and was issued on March 15. Multiple vulnerabilities in Apple iOS and iPadOS have been discovered, according to the alert. These flaws might allow an attacker to take control of the system and make it stop operating, execute any code they want, access private data, and circumvent security protections.
According to the CERT-In website, the flaw "allows an attacker to trigger denial of service condition, execute arbitrary code, disclose sensitive information, and bypass security restrictions on the targeted system".
For devices including as the iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation, the security weakness affects iOS and iPadOS versions prior to 16.7.6. Additionally, it affects versions prior to v17.4 for the following devices: iPad Air 3rd generation and up, iPad 6th generation and up, iPad mini 5th generation and up, iPhone XS and up, iPad Pro 12.9-inch 2nd generation and up, iPad Pro 10.5-inch, and iPad Pro 11-inch 1st generation and up.
According to CERT-In, problems with Bluetooth, libxpc, MediaRemote, Photos, Safari, and WebKit are the result of "improper validation" in these components of Apple's iOS and iPadOS. The ExtensionKit, Messages, Share Sheet, Synapse, and Notes sections all have privacy issues. An further issue is that ImagelO may overflow, and errors in memory may occur in the kernel and RTKit components. There is a timing issue with CoreCrypto, a lock screen issue with Siri, and a logic issue with Safari Private Browsing & Sandbox.
By taking advantage of these flaws, one might compromise system security, access private data, execute unauthorized code, and cause system failures.