Indian Government Says Apple Product Users In India Are Under 'High Risk'

The government of India has issued a high-risk warning for those using Apple devices like iPhones and iPads. This warning has been posted by CERT-In (Computer Emergency Response Team), which is an office within the Ministry of Electronics and Information Technology of the Government of India.

CERT-In has been operational since January 2004, and it deals with cybersecurity in India. In its latest warning, the Indian government agency claims Apple products like the iPhone. Apple Watch, MacBooks and iPads are affected by various vulnerabilities.

High-risk warning for Apple product users

CERT-In has posted the latest warning on its official website through Vulnerability Note CIVN-2023-0303, which highlights a slew of vulnerabilities that are found in the above-mentioned Apple products.

According to the vulnerability note, the vulnerabilities in Apple products pose a significant threat. Furthermore, the note urges users to update their Apple devices.

The latest note also attributes the new vulnerabilities in Apple products to the lack of validation within the kernel component. Also, a buffer overflow issue in the WebRTC component is equally responsible for the recently detected vulnerabilities in iPhones and other Apple devices.

These vulnerabilities include security feature bypass, bypass authentication, remote code execution, DoS (denial of service), information disclosure and more.

According to the note, any remote attacker can take advantage of these vulnerabilities and get access to elevated privileges. As a result, they will be able to execute arbitrary code on the victim's Apple product.

In other words, a remote attacker can use these vulnerabilities to gain full control of the device and pose a major security risk to the device owner. The CERT-In vulnerability note has also shed light on the software affected.

if your Apple device is running on an older operating system version, it is recommended to download and install the latest update as soon as possible. Let's check out the software affected by these vulnerabilities:

• iOS prior to iOS 17.1/16.7.2/15.8
• iPadOS prior to iPadOS 17.1/16.7.2/15.8
• macOS Sonoma prior to 14.1, macOS Ventura prior to 13.6.1, and macOS Monterey prior to 12.7.1
• tvOS prior to 17.1
• watchOS prior to 10.1
• Safari prior to 17.1

Apple has a reputation for rolling out updates and patches to address security issues. The Cupertino-based tech giant has already rolled out an update that will fix these vulnerabilities. Moreover, the company is reportedly working on a system that can load up the latest software onto unopened iPhones.

It is imperative to keep your Apple devices updated with the latest software and security patches to keep your devices safe and protected from external attacks and bugs. For instance, an iOS 17 bug was causing some iPhone models to turn themselves off at night earlier this month.

Opposition leaders warned of possible iPhone compromise

Apple has reportedly emailed at least 7 leaders from the political alliance I.N.D.I.A. (Indian National Developmental Inclusive Alliance), warning them that state-sponsored attackers are probably trying to compromise the iPhones linked to their IDs.

These leaders include Congress's Shashi Tharoor, Pawan Khera and Supriya Shrinate, Shiv Sena's Priyanka Chaturvedi, Trinamool Congress's Mahua Moitra, Aam Aadmi Party's Raghav Chadha and Communist Party of India's Sitaram Yechury.

Aside from that, All India Majlis-E-Ittehadul Muslimeen's Asaduddin Owaisi has also been notified. Apple also got in touch with The Wire's founding editor Siddharth Varadarajan.

The company also warned resident editor of Deccan Chronicle Sriram Karri, Hyderabad-based independent journalist Revathi Pogadadanda, and Observer Research Foundation's Samir Saran.

In a statement, Apple said: "State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete."

The statement further noted that there is a possibility some Apple threat notifications may be false alarms, or some attacks aren't detected.

"We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future," the statement clarified.