The Indian Computer Emergency Response Team (CERT-In), the country’s central cyber security body, has issued a warning regarding serious flaws in the Apple Watch, select Macs, iPhones, and iPads. Given the popularity of smartwatches and fitness trackers in India and the number of individuals who have purchased an Apple Watch, it seems expected that the gadget will be the most popular.
Researchers have discovered a number of serious flaws in Apple products that might let hackers take control of their devices and exploit data gathered from them for evil purposes.
Multiple vulnerabilities in the Mac operating system were identified by CERT-In, and the flaws were classed as ‘critical’ the highest serious ranking in cyber security terms.
‘Multiple vulnerabilities have been reported in the Apple Mac OS which could be exploited by a remote attacker to execute arbitrary code, bypass security restrictions and cause a denial of service conditions on the targetted system’, the advisory stated.
This implies that after getting control of a target device via the vulnerability, a hacker may run whatever instructions or programmes they wanted on it.
Apple has issued fixes for both vulnerabilities, which can be downloaded along with the current product upgrades. According to Apple, what makes the situation worse is that these vulnerabilities may have already been exploited by hackers.
‘Apple is aware of a report that this issue may have been actively exploited’, Apple said in a statement regarding the two vulnerabilities on its official website.
Apple devices using iOS and iPadOS versions previous to 15.5 have been classified as extremely dangerous. Versions of macOS Catalina before security update 2022-004, versions of macOS Big Sur before 11.6.6, and versions of macOS Monterey before 12.4 have all been graded critical.
Any Apple Watch running watchOS versions previous to watchOS 8.6 is extremely dangerous. Users using earlier versions of these operating systems should update as soon as possible. If upgrading your device isn’t a possibility, at the very least, delete any sensitive and crucial data from these devices.
In the cyber security field, there is an unwritten rule that anytime a researcher discovers a vulnerability in a product, they must first notify the manufacturer and allow them adequate time to fix it before making their findings public. This is done so that the makers can address the problems and provide new software patches to address the flaws.
Given how frequently we save a large amount of personal data and sensitive information on our cellphones, such as our PAN and Aadhar numbers, as well as our banking and social media credentials, these flaws may cause havoc in a person’s life if a hacker gains access.
Post Your Comments