‘Remote attacker…’: Centre issues warning on Apple iOS & Ipad OS

The Centre on Wednesday warned users of Apple iOs and iPadOS against multiple vulnerabilities in the two operating systems which could help a remote attacker gain access to sensitive information, execute arbitrary code , spoof interface address or deny service conditions on the targeted systems.

The Indian Computer Emergency Response Team (CERT-IN) a nodal agency under the ministry of electronics and information technology, said the vulnerabilities existed in Apple iOS and iPadOS due to improper security restrictions in AppleMobileFileIntegrity component, improper bounds check in AVEVideoEncoder component, improper validation in CFNetwork component, improper entitlement in CoreBluetooth component to name a few.

“A remote attacker could exploit these vulnerabilities by persuading a victim to open a specially crafted file or application. Successful exploitation of these vulnerabilities could allow the attacker to gain access to sensitive information, execute arbitrary code, spoof interface address or deny service conditions on the targeted systems”, CERT-IN said in the advisory.

The CERT-IN has recommended applying proper security updates to stay protected.

Here are the softwares which are affected as per this warning of high severity.

Apple iOS 16.1 and iPadOS versions prior to 16

1) iPhone 8 and later

2) iPad Pro (all models)

3) iPad Air 3rd generation and later

4) iPad 5th generation and later

5) iPad mini 5th generation and later

On September 14, the CERT-IN had issued another warning to select Apple users over multiple vulnerabilities 'which could allow an attacker to ‘gain elevated privileges, execute arbitrary code, disclose sensitive information and bypass security restriction on the targeted system’.