CERT-In flags security flaws in iPhones, iPads, Macs with outdated software

The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk advisory for Apple users, warning of multiple security vulnerabilities affecting devices running outdated software. These flaws impact iPhones, iPads, Macs, Apple TV, and Safari browser versions that have not been updated to the latest software releases.

 

Who is affected?

 

The advisory specifically targets users running iOS versions earlier than 18.4, 16.7.11, or 15.8.4, along with outdated iPadOS, macOS, tvOS, visionOS, and Safari versions. Both people and organisations are at risk.

 

CERT-In had issued a similar advisory earlier this year that also included vulnerabilities affecting Apple Watches running outdated software.

 

What's the risk?

 

CERT-In has classified the vulnerabilities as “High” severity, stating that they could allow:

• Unauthorised access to sensitive data
• Execution of arbitrary code
• Bypassing security restrictions
• Denial of service (DoS) attacks
• Data manipulation and spoofing attacks
• These vulnerabilities, if exploited, could severely compromise device security and user privacy.

Apple’s response

 

Apple has patched these vulnerabilities in its latest software updates. CERT-In strongly recommends that all users update their devices to the latest available versions immediately to safeguard against potential security breaches.

 

 

Affected software versions

 

Users are advised to update if using any of the following:

• Safari: versions prior to 18.4
• Xcode: versions prior to 16.3
• iOS: versions prior to 18.4, 16.7.11, or 15.8.4
• iPadOS: versions prior to 18.4, 17.7.6, 16.7.11, or 15.8.4
• macOS Sequoia: versions prior to 15.4
• macOS Sonoma: versions prior to 14.7.5
• macOS Ventura: versions prior to 13.7.5
• tvOS: versions prior to 18.4
• visionOS: versions prior to 2.4