The Indian Computer Emergency Response Team (CERT-In), has issued a high security vulnerability for Apple iOS and iPad OS devices. As per the warning, multiple vulnerabilities were found in Apple iOS and iPad OS, which can possibly let someone attack the system to make it stop working, run any code they want, access sensitive information, and get around security measures.
The vulnerability can “allow an attacker to trigger denial of service condition, execute arbitrary code, sensitive information disclose and bypass security restrictions on the targeted system”, CERT-In said on its website.
The security flaw impacts iOS and iPadOS versions earlier than 16.7.6 for devices like iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation. It also affects versions before v17.4 for devices like iPhone XS and newer, iPad Pro 12.9-inch 2nd generation and newer, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and newer, iPad Air 3rd generation and newer, iPad 6th generation and newer, and iPad mini 5th generation and newer.
As per CERT-In the issues in Apple’s iOS and iPadOS have been caused because of “improper validation” in Bluetooth, libxpc, MediaRemote, Photos, Safari & WebKit parts. There are also privacy problems in ExtensionKit, Messages, Share Sheet, Synapse & Notes parts. Another problem is that ImagelO can get too full, and the kernel & RTKit parts can have memory mistakes. Safari Private Browsing & Sandbox have a logic issue, while Siri has a lock screen problem, and CoreCrypto has a timing problem.
Exploiting these vulnerabilities could lead to causing system failures, executing unauthorised code, accessing private information, and bypassing security measures.
