The Indian Computer Emergency Response Team or CERT-In has issued medium to high-severity warnings for Apple Watch, TV, and Macbook users, in India. The national nodal agency that oversees cybersecurity-related issues in multiple releases states that users must upgrade their devices to the latest watchOS, tvOS, and macOS versions immediately to safeguard their personal data. The government advisories issued between March 31 to April 3 are available on CERT-In’s official website. Apple Watches, TVS, and MacBooks face multiple issues with the software, and if not mitigated, attackers can gain access to the device.
On Macs, the vulnerabilities lie in Apple’s proprietary Safari web browser. CERT-In notes that the flaw exists due to “improper state management” in the WebKit component. The warning adds, “A remote attacker could exploit these vulnerabilities by persuading a victim to a specially crafted web page.” Needless to say, if the user ends up providing information, then sensitive information could be extracted.
Users need to upgrade the Safari version to 16.4. To upgrade the web browser, open the Apple App Store desktop app > Click Updates in the App Store toolbar > Use the Update buttons to download and install any updates listed.
Similarly, Mac users are also advised to upgrade to the MacOS version to ensure their security. CERT-In notes that there are “multiple vulnerabilities” due to “memory issues, improper checks, improper input validation, curl issues, improper bound checks, privacy issues, logic issues, race condition errors, using older version of Vim, and improper state management issues.”
It means an attacker could exploit and can directly manipulate various applications to extract sensitive data.” The agency claims these are high-severity flaws affecting systems running on macOS Ventura versions before 13.3, macOS Big Sur versions before 11.7.5, and macOS Monterey versions before 12.6.4.
Lastly, multiple issues have been found on Apple Watches and Apple TVs. CERT-In notes that these vulnerabilities exist in Apple tvOS and watchOS products due to flaws in “AppleMobileFileIntegrity, Identity Services, Podcasts, TCC, Find My, Shortcuts and WebKit.”
Successful exploitation of these vulnerabilities could allow an attacker to bypass privacy preferences, execute arbitrary code with kernel privileges to gain access to sensitive information, and spoof user interface on the targeted system
