Apple iPhone and iPad users could be at risk. According to an advisory from the Indian Computer Emergency Response Team (CERT-In), several vulnerabilities have been reported in Apple iOS and iPadOS that could allow a remote attacker to access sensitive information, execute arbitrary code, and manipulate the user interface to address or denial-of -Terms of Service on the target device.
Which Apple devices are affected?
According to the recommendation, Apple iOS 16.1, Apple iOS versions earlier than 16.0.3 and iPadOS versions earlier than 16 are affected by the vulnerability – CVE-2022-42827. The list of affected devices includes Apple iPhone 8 and later, iPad Pro Call models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
Why does the vulnerability exist in Apple devices?
In its advisory, CERT-In says these vulnerabilities exist in Apple iOS and iPadOS because of
– Improper security restrictions in the AppleMobileFileIntegrity component
– Improper bounds checking in Avevideoencoder component; Improper validation in CrNetwork component
– Invalid permission in Core Bluetooth component
– Improper memory management in the GPU driver component
– Memory corruption issue in IOHIDFamily component
– Use after free edition and race condition issue in IOKit component
– Improper memory handling and out of bounds write issues in the kernel component
– Improper memory management and race condition problem in PPP component
– Use after free issue
– Illegal security restrictions and path validation in the sandbox component
– Improper UI handling, type confusion issue and logic issue in webkit component
– Use-after-free error in WebKit PDF component
– Improper input validation in mail component.
How can the vulnerability affect iPhone users?
These vulnerabilities can be exploited by a remote attacker to trick the victim into opening a specially crafted file or application. Successful exploitation of these vulnerabilities could allow the attacker to gain access to sensitive information, execute arbitrary code, forge the interface address, or force denial of service conditions on the target system.
What should users do?
The CERT-In Advisory states that the vulnerability is being exploited in the wild. Users are advised to apply software updates as mentioned in Apple security updates.
Get all technology news and updates on Live Mint. Download the Mint News app for daily market updates and live economic news.
More less
