The Indian government has warned Apple users about two serious software vulnerabilities that could lead to data theft, unauthorized access, or hackers gaining control of affected systems.
These flaws impact Intel-based Mac systems
The Indian Computer Emergency Response Team (CERT-In) issued the warning, highlighting that these issues impact Intel-based Mac systems, including devices running macOS, iOS, and iPadOS. The vulnerabilities are considered high risk by CERT-In, which operates under the Ministry of Electronics and Information Technology.
Details of the Vulnerabilities
CERT-In explained that attackers could exploit these vulnerabilities to execute arbitrary code or perform Cross-Site Scripting (XSS) attacks. This could result in unauthorized access to sensitive information, denial of service, or data manipulation.
At-Risk Apple Users
The following Apple software versions are affected by these vulnerabilities:
- iOS and iPadOS versions earlier than 18.1.1 and 17.7.2
- macOS Sequoia versions earlier than 15.1.1
- visionOS versions earlier than 2.1.1
- Safari versions earlier than 18.1.1
Recommended Action for Users
To protect against these vulnerabilities, CERT-In advises affected users to update their devices. The recommended updates are:
- iPhone and iPad users should update to iOS 18.1.1 or 17.7.2
- Mac users should install macOS Sequoia 15.1.1
- visionOS users should update to version 2.1.1
- Safari users should update to version 18.1.1
Technical Details of the Vulnerabilities
CERT-In outlined two technical vulnerabilities:
- Safari’s JavaScriptCore Issue: This flaw could allow attackers to execute arbitrary code by sending harmful web content to affected devices.
- WebKit XSS Flaw: This vulnerability could let attackers trigger XSS attacks by sending malicious web content, compromising the device.
CERT-In urges all affected users to update their devices immediately to avoid potential risks.