The use of Apple’s iPhone and iPad may be dangerous as a number of serious security vulnerabilities have been discovered by Indian Computer Emergency Response Team (CERT-In). The faults appeared to be of a high level and may have provided a gateway for wireless monitoring of the devices for cyberattacks. Now Apple has released a patch that appears to have corrected a number of serious security vulnerabilities on the company’s iPhone and iPad.
Warning from CERT-in said, “Multiple vulnerabilities have been reported in Apple iOS and iPadOS which could allow a remote attacker to gain access to sensitive information, execute arbitrary code, spoofing of the interface address or denial of service conditions on the targeted system.”
A number of vulnerabilities in iPhone and iPad have been reported by Indian Computer Emergency Response Team (CERT-In) and if exploited remotely, they could give a hacker access to sensitive information and enable them to run arbitrary code.
According to the govt. these vulnerabilities exist in Apple iOS and iPadOS due to Improper security restrictions in AppleMobileFileIntegrity component; Improper bounds check in AVEVideoEncoder component; Improper validation in CFNetwork component; Improper entitlement in Core Bluetooth component; Improper memory handling in GPU Drivers component; Memory corruption issue in IOHIDFamily component; Use after free issue and Race condition issue in IOKit component: Improper memory handling and Out-of-bounds write issue in Kernel component; Use after free issue, Improper memory handling and Race condition issue in PPP component; Impropersecurity restrictions and Improper path validation in Sandbox component; Improper UI handling, Type confusion issue and Logic issue in Webkit component; Use-after-free error in Webkit PDF component; Improper input validation in Mail component. A remote attacker could exploit these vulnerabilities by persuading the victim to open a specially crafted file or application.
Successful exploitation of these vulnerabilities could allow the attacker to gain access to sensitive information, execute arbitrary code, spoofing of the interface address or denial of service conditions on the targeted system.
As per CERT-in Apple iOS 16.1 and iPadOS version prior to 16 which includes iPhone 8 and later, iPad Pro(all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later. Apple iOS versions prior to 16.0,3 which include iPhone 8 and later are also affected. According to the advisory, users of these devices must immediately update their gadgets, as both Apple and CERT-In have stated in their vulnerability advisories.
For the latest gadget and tech news, and gadget reviews, follow us on Twitter, Facebook and Instagram. For newest tech & gadget videos subscribe to our YouTube Channel. You can also stay up to date using the Gadget Bridge Android App. You can find the latest car and bike news here.
