Urgent alert: Government warns Apple users about severe security flaws – Is your device safe?

The Indian Computer Emergency Response Team (CERT-In), Government’s statutory agency for cyber security, has issued a critical warning to Apple users, highlighting multiple vulnerabilities in various Apple products, including iPhones, iPads, Macs, and others.

These vulnerabilities could potentially lead to severe consequences, such as sensitive information leaks, arbitrary code execution, security bypasses, denial of service (DoS) attacks, and spoofing attacks.

Scope of vulnerabilities

According to the CERT-In advisory dated August 2, the affected Apple software versions are as follows:

1. iOS and iPadOS: Versions prior to 17.6 and 16.7.9
2. macOS Sonoma: Versions prior to 14.6
3. macOS Ventura: Versions prior to 13.6.8
4. macOS Monterey: Versions prior to 12.7.6
5. watchOS: Versions prior to 10.6
6. tvOS: Versions prior to 17.6
7. visionOS: Versions prior to 1.3
8. Safari: Versions prior to 17.6

Urgent action required

The central agency has urged all Apple users to apply the necessary software updates as listed by the company to mitigate any high-level risks. These updates are crucial to protect devices from being exploited by the identified vulnerabilities. However, Apple has not yet confirmed any security risks from their side.

Mercenary spyware threat

In a related development, Apple has recently issued warnings to iPhone users in India and 97 other countries about potential “mercenary spyware attacks” that could compromise their devices. This marks the second such notification campaign by the tech giant this year, following a similar alert sent to users in 92 countries in April.

Apple’s warning message to users is direct and alarming: “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID.” The company emphasised the sophistication of these attacks, which are likely targeting specific individuals due to their identity or occupation.

The alert urged recipients to take the warning seriously: “This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning—please take it seriously.”

The recent alerts are reminiscent of those issued in April, warning users about potential exposure to Pegasus-type “mercenary spyware.” Governments have historically used spyware to monitor human rights activists, journalists, and opposition leaders. Many of the recent security breaches affecting Apple users have been attributed to the Israel-based NSO Group.