Using an iPhone or MacBook? Government says update your Apple devices now to protect them from hacking
In a recent advisory, CERT-In has alerted Apple users to critical security vulnerabilities in iPhones, MacBooks and other devices. It has urged users to run software updates immediately to prevent potential hacking risks.
In another cyber security advisory, the Indian Computer Emergency Response Team (CERT-In) has alerted Apple product users, including those using iPhones and MacBooks, about several vulnerabilities. These serious flaws are explained in Advisory CIAD-2024-0058, which highlights issues that, if not addressed by users, could lead to unauthorized access, data theft, or system control by hackers.
In its advisory note, CERT-In outlined two critical vulnerabilities affecting a range of Apple products, including:
iPhone and iPad: Running iOS and iPadOS versions earlier than 18.1.1 and 17.7.2.
MacBook and desktop: Using macOS Sequoia versions earlier than 15.1.1.
Vision Pro: Running a visionOS version earlier than 2.1.1.
Safari browser: Versions before 18.1.1.
Explaining the flaws further, CERT-In lists two vulnerabilities:
1. Arbitrary Code Execution (CVE-2024-44308)
This vulnerability exists in JavaScriptCore, which is the engine used by Apple’s Safari browser and other applications to process JavaScript. Malicious actors could exploit this vulnerability by sending specially crafted web content to execute arbitrary code on the target device. This could allow hackers to take control of the system and run unauthorized applications.
2. Cross-Site Scripting (XSS) (CVE-2024-44309)
This vulnerability exists in WebKit, the browser engine behind Safari and other web content on Apple devices. Exploiting this issue involves sending maliciously crafted web content that triggers XSS attacks, potentially allowing attackers to manipulate web pages, steal sensitive data, or impersonate online users.
CERT-In notes that both vulnerabilities pose a serious threat to individual and organizational users.
– Hackers can gain access to sensitive personal or organizational data, such as passwords, financial information, or confidential business files.
– Attackers can steal or alter stored data, potentially leading to identity theft or tampering with records.
– Cyber attackers could exploit these vulnerabilities to crash systems or disrupt normal operations, causing significant downtime.
– Hackers can also gain complete control over affected devices, allowing them to install malware, spy on user activity, or use the system for malicious purposes.
Highlighting the severity of these flaws, CERT-In notes that these vulnerabilities have already been actively exploited on Intel-based Mac systems. Therefore, it advises users to take immediate action.
How to stay safe
To help users protect their Apple devices, CERT-In strongly recommends that users update their devices to the latest software versions. To update:
For iPhone and iPad: Go to Settings > General > Software Update and install the latest iOS or iPadOS version.
For MacBook: Open System Preferences > Software Update and upgrade to macOS Sequoia 15.1.1 or later.
For Vision Pro: Go to Settings > Software Update to make sure you’re on visionOS 2.1.1 or later.
For Safari browser: Update to version 18.1.1 via the App Store or system update.
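For administrators who need to check many devices at once, the following Python check compares reported versions against the fixed versions listed above. It is an added example, not part of the CERT-In advisory or the original article; the function names and the sample inventory are constructed, and treating release branches newer than those listed as patched is an assumption.

```python
# Added example: flag devices below the fixed versions listed in the article
# (CERT-In CIAD-2024-0058). Function names and inventory rows are constructed.

# product -> {release branch (major version): first fixed version}
BASELINES = {
    "ios":      {17: (17, 7, 2), 18: (18, 1, 1)},
    "ipados":   {17: (17, 7, 2), 18: (18, 1, 1)},
    "macos":    {15: (15, 1, 1)},  # the article names only Sequoia (15.x)
    "visionos": {2: (2, 1, 1)},
    "safari":   {18: (18, 1, 1)},
}

def parse_version(text):
    """'18.1' -> (18, 1, 0); ignores a trailing build tag such as '(22B91)'."""
    parts = [int(p) for p in text.split()[0].split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def status(product, version):
    branches = BASELINES.get(product.lower())
    if branches is None:
        return "not_listed"
    try:
        v = parse_version(version)
    except (ValueError, IndexError):
        return "unparseable"
    major = v[0]
    if major in branches:
        # Compare within the device's own branch: 18.0 is numerically above
        # 17.7.2 but still lacks the 18.1.1 fix.
        return "patched" if v >= branches[major] else "vulnerable"
    if major > max(branches):
        return "patched"  # assumption: later branches include the fix
    # Older branch: "earlier than" the fixed version, except macOS, where
    # the article lists only Sequoia.
    return "not_listed" if product.lower() == "macos" else "vulnerable"

def needs_update(inventory):
    return [host for host, product, version in inventory
            if status(product, version) == "vulnerable"]

# Constructed sample inventory: (hostname, product, reported version)
SAMPLE = [
    ("phone-01", "iOS", "17.7.2"),
    ("phone-02", "iOS", "18.0"),
    ("mac-01", "macOS", "15.1.1"),
    ("mac-02", "macOS", "15.1"),
    ("visor-01", "visionOS", "2.1"),
]

if __name__ == "__main__":
    print(needs_update(SAMPLE))
```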