Indian Computer Emergency Response Team (CERT-In) has issued an advisory for Apple product users, highlighting security flaws in Apple devices running older software. The advisory applies to iPhones running iOS versions earlier than 18.1.1 or 17.7.2, iPads and Macs running outdated versions, and older versions of Apple’s Safari web browser.
CERT-In has classified these vulnerabilities as "High risk," warning that they could potentially allow attackers to gain unauthorised access to sensitive user data, cause denial of service, or even lead to data manipulation. The advisory stated that these vulnerabilities could affect both individual and organisational users. It also said that these vulnerabilities may have been “actively exploited” on Intel-based Mac systems.
The advisory said that vulnerabilities exist in JavaScriptCore and on WebKit, both of which are used by Safari browser and other applications on Apple devices. It warns that an attacker could send maliciously crafted web content to an affected device.
Apple has addressed these vulnerabilities in the latest software update for iPhone, iPad, and Mac. CERT-In recommends users to update their devices to the latest software versions to mitigate the risks and protect against potential security breaches.
More From This Section
The full list of affected software includes:
- iOS versions before 18.1.1
- iOS versions before 17.7.2
- iPadOS versions before 18.1
- iPadOS versions before 17.7.1
- Apple macOS Sequoia versions before 15.1.1
- Apple Safari versions before 18.1.1
- Apple visionOS versions before 2.1.1
A similar advisory was issued earlier this month that also included Apple Watches Apple TV products running on older software versions, in addition to iPhones, iPads and Mac devices.