Centre flags 'vulnerabilities' in iPhones, Apple products; says 'attacker can access sensitive information'

Indian Computer Emergency Response Team (CERT-In), the Centre's security advisor, flagged the security issues in a Friday advisory.

"Multiple vulnerabilities have been reported in Apple products which could allow an attacker to access sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service (DoS) and perform spoofing attacks on the targeted system," the advisory said.

The vulnerabilities affect a range of Apple software including iOS and iPadOS versions before 17.6 and 16.7.9, macOS Sonoma versions prior to 14.6, macOS Ventura versions before 13.6.8, macOS Monterey versions prior to 12.7.6, watchOS versions prior to 10.6, tvOS versions prior to 17.6, visionOS versions prior to 1.3, Safari versions prior to 17.6.

The severity of the vulnerabilities was marked "high" in the advisory.

Apple, which doesn't confirm security issues until they conduct an investigation, issued their latest security updates last week.

The latest versions of this software are also listed on their portal.

CERT-In has asked users to apply the appropriate software updates listed by Apple.

The government had issued a similar "high risk" warning for iPhones, iPads, MacBooks and VisionPro headsets. The advisory highlighted a critical vulnerability, identified in connection to "remote code execution" in various Apple products.