A “virtual” confrontation between the Centre and US-based tech giant Apple escalated on Wednesday after the Government agencies issued a ‘high risk” warning for users of Apple’s iPhones, MacBooks, iPads and Vision Pro headsets highlighting a critical vulnerability, identified in connection to “remote code execution” in various Apple products.
The Indian Computer Emergency Response Team (CERT-In) has issued a high severity warning for users of Apple products in India. The agency has found multiple vulnerabilities that could allow hackers to access information on a user’s device.
This year a massive controversy erupted after some Opposition leaders claimed that they had received a message from Apple that the users iPhone could become a victim of State sponsored hackers which the Government rejected and a related probe is underway.
Interestingly while other confrontations between the Centre and social platforms like Facebook, Twitter (now X), YouTube were sorted out after the latter `conceded’ to all the Government’s directives, Apple has maintained that helping any probe agencies world over including the FBI to crack data of its users will set a dangerous precedent.
The latest confrontation between the Centre and Apple comes a day after the Enforcement Directorate (ED) request to ‘unlock’ the data of the iPhone of liquorgate scam accused Delhi Chief Minister Arvind Kejriwal was turned down by the iPhone manufacturer.
The CERT advisory said the vulnerability affects a range of Apple software and hardware, including Apple Safari versions prior to 17.4.1, Apple macOS Ventura versions prior to 13.6.6, Apple macOS Sonoma versions prior to 14.4.1, Apple visionOS versions prior to 1.1.1, Apple iOS and iPadOS versions prior to 17.4.1, and Apple iOS and iPadOS versions prior to 16.7.7.
This vulnerability poses a significant threat as it allows remote attackers to execute arbitrary code on the targeted systems. The exploit leverages an out-of-bounds write issue in WebRTC and CoreMedia, enabling attackers to compromise devices remotely.
According to the advisory, users of iPhone XS, iPad Pro 12.9-inch, iPad Pro 10.5-inch, iPad Pro 11-inch, iPad Air, iPad, and iPad mini are susceptible if their devices are running iOS and iPadOS versions prior to 17.4.1.
Additionally, iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation users are at risk if their devices are not updated to iOS and iPadOS versions 16.7.7 or later.
MacBook users are also urged to update their systems, with macOS Ventura versions prior to 13.6.6 and macOS Sonoma versions prior to 14.4.1 being vulnerable. Moreover, users of the Apple Vision Pro headset should take note of the vulnerability in visionOS versions prior to 1.1.1.
To ensure the security of devices, it has urged users to follow these essential steps. First, keep your Apple iOS and iPadOS devices updated with the latest software versions to benefit from security fixes. Apply any security patches provided by Apple, especially those addressing vulnerabilities highlighted by CERT-In.
When connecting to networks, prioritise secure connections and avoid unsecured or public Wi-Fi networks to minimise the risk of unauthorised access. Enable two-factor authentication (2FA) for an added layer of security, which can mitigate the impact of credential compromises.
Exercise caution when downloading apps or software, sticking to trusted sources like the Apple App Store to avoid potential threats. Regularly backup your important data to protect against data loss due to security breaches or system failures.
Stay informed about security alerts and advisories from reputable sources such as CERT-In or Apple to take proactive measures against emerging threats and ensure the ongoing security of your devices.
According to sources, Kejriwal said by accessing his mobile phone data and chats, the ED would be privy to details of AAP’s “election strategy” and alliances.
In 2016, Apple CEO Tim Cook had told his employees that the refusal to cooperate with a US Government to unlock an iPhone used by Syed Farook, one of the two shooters in the San Bernardino attack, was a “defence of civil liberties”.
Union IT Minister Ashwini Vaishnaw in the midst of Budget Session had asked the Opposition to submit their phones and cooperate in investigation to find the truth over Apple allegedly sending a message to them about “State-sponsored hackers” trying to attack their iPhones.
While Vaishnaw asserted that only making allegations will not work and there must be cooperation with the law-enforcement agencies, at the same time Apple released a clarification such advisories have been sent to people in 150 countries.