The Indian Computer Emergency Response Team (CERT-In) has issued a “severe” warning regarding multiple vulnerabilities discovered in various Apple devices, including iPhones, iPads, Macs, and more. These security flaws could potentially expose users to risks such as sensitive information leaks, unauthorized code execution, security bypasses, denial of service (DoS) attacks, and spoofing attacks.

Affected Software and Mitigation

According to the CERT-In advisory released on August 2nd, the vulnerabilities affect a wide range of Apple software versions, including iOS and iPadOS versions prior to 17.6 and 16.7.9, macOS Sonoma versions prior to 14.6, macOS Ventura versions prior to 13.6.8, macOS Monterey versions prior to 12.7.6, watchOS versions prior to 10.6, tvOS versions prior to 17.6, visionOS versions prior to 1.3, and Safari versions prior to 17.6.

To address these high-level risks, CERT-In strongly urges all Apple users to promptly install the necessary software updates provided by Apple.

Apple’s Response and Spyware Concerns

While Apple has not yet confirmed any security breaches resulting from these vulnerabilities, the company has been actively sending alerts to users in over 150 countries, including India, warning them about potential “mercenary spyware attacks.” These attacks, similar to the notorious Pegasus spyware from the NSO Group, are designed to remotely compromise iPhones.

Several prominent figures, including Iltija Mufti and Pushparaj Deshpande, have publicly acknowledged receiving notifications from Apple regarding potential threats to their devices.

Apple’s threat notification emphasizes the exceptional rarity and sophistication of these mercenary spyware attacks, distinguishing them from typical cybercriminal activities or consumer malware.

Government and Agency Silence

As of now, neither the Ministry of Electronics and Information Technology (MeitY) nor Apple has responded to inquiries regarding these security concerns. CERT-In continues to closely monitor the situation and advises users to remain vigilant and keep their devices updated with the latest security patches.

The CERT-In warning and Apple’s spyware alerts highlight the increasing sophistication of cyber threats targeting even the most secure devices. It’s crucial for users to remain vigilant, promptly install updates, and follow security best practices to protect their sensitive information. As the situation unfolds, CERT-In will continue to monitor and provide updates, ensuring the safety and security of Apple users in India.

About the author

View All Posts

Mahak Aggarwal

With a BA in Mass Communication from Symbiosis, Pune, and 5 years of experience, Mahak brings compelling tech stories to life. Her engaging style has won her the 'Rising Star in Tech Journalism' award at a recent media conclave. Her in-depth research and engaging writing style make her pieces both informative and captivating, providing readers with valuable insights.