The Indian Computer Emergency Response Team (CERT-In) has issued a ‘severe’ warning to Apple users in India, highlighting multiple vulnerabilities in Apple products like iPhones, iPads, Macs and more. These vulnerabilities are expected to head on to sensitive information leaks, arbitrary code execution, denial of service (DoS) attacks, security bypasses and spoofing attacks.
Affected Apple products
As per the advisory which was dated August 2 (2024), several Apple software versions have been affected. Specifically, the vulnerabilities impacting:
- iOS and iPadOS: Versions before 17.6 and 16.7.9
- macOS Sonoma: Versions before 14.6
- macOS Ventura: Versions before 13.6.8
- macOS Monterey: Versions before 12.7.6
- watchOS: Versions earlier than 10.6
- tvOS: Versions earlier than 17.6
- visionOS: Versions before 1.3
- Safari: Versions before 17.6
CERT-In strongly urges Apple users to apply the necessary software updates provided by Apple to mitigate these risks. Despite the warning, Apple has not officially confirmed any security risks related to these vulnerabilities from their side.
Mercenary Spyware Threats
For these vulnerabilities, Apple has been sending alerts to users in over 150 countries, including India, about potential ‘mercenary spyware attacks’.
These attacks are similar to the infamous Pegasus spyware developed by the NSO Group and aim to remotely compromise iPhones.
Apple's notifications are further intended to inform users about these sophisticated spyware threats, which are more advanced than typical cybercriminal activities or consumer-grade malware. Prominent individuals like Iltija Mufti, the media adviser and daughter of former Jammu and Kashmir chief minister Mehbooba Mufti, and Pushparaj Deshpande, founder of the Samruddha Bharat Foundation, have publicly acknowledged receiving alerts from Apple regarding potential hacks on their phones.
Official responses and user guidance from CRET-In
The Ministry of Electronics and Information Technology (MeitY) and Apple have not yet responded to queries regarding these security issues. Meanwhile, CERT-In continues to closely monitor the situation and advises users to stay informed and apply the latest security patches as they become available. This proactive approach is crucial to safeguarding against evolving threats from these vulnerabilities and potential spyware attacks.
Apple's threat notification emphasizes that these mercenary spyware attacks are exceedingly rare but highlights the need for users to be vigilant and keep their devices updated to protect against these risks.
ALSO READ: TRAI revolutionizes mobile services: compensation for network interruptions now guaranteed