Even the Apple Vision Pro isn't spared from the vulnerability. (Image: geralt/Pixabay)
India’s cybersecurity agency CERT-In on Tuesday issued a warning about a “high” severity flaw that allows remote code execution attacks on a wide range of Apple products.
The vulnerability affects older versions of iOS, iPadOS, macOS, and even visionOS for the Vision Pro headset. It stems from an out-of-bounds write issue in WebRTC and CoreMedia components that enables bad actors to run malicious code on vulnerable devices remotely.
You have exhausted your monthly limit of free stories.
Read more stories for free with an Express account.
Pretty much every recent iPhone (8 and later), iPad (5th gen and newer), and Mac laptop/desktop is impacted if not updated. The Vision Pro is also susceptible on visionOS versions before 1.1.1. Older iPhones like the 8/X and some older iPads are at risk if they haven’t made the jump to iOS/iPadOS 16.7.7 at minimum.
Apple already pushed out patches, so making sure your software is fully updated is crucial. Head to Settings – General – Software Update on your iPhone/iPad, or System Preferences – Software Update on your Mac to install the latest security fixes.
Just so you can be sure, here’s the complete list of affected software as shared by CERT-In:
Apple Safari versions prior to 17.4.1 (Available for macOS Monterey and macOS Ventura)
Apple macOS Ventura versions prior to 13.6.6
Apple macOS Sonoma versions prior to 14.4.1
Apple visionOS versions prior to 1.1.1
Apple iOS and iPadOS versions prior to 17.4.1 (Available for iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later)
Story continues below this ad
Apple iOS and iPadOS versions prior to 16.7.7 (Available for iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation)
Android isn’t safe either
More recently on Wednesday, CERT-In also disclosed multiple vulnerabilities impacting Android 12 through the latest version 14 that allow escalated privileges, info disclosure, and denial-of-service attacks. Like Apple, these vulnerabilities have also been marked “high” on the severity scale.
The flaws exist in various components like the Android Framework, MediaTek drivers, Qualcomm code, and Google’s Widevine DRM. Thankfully, these vulnerabilities have been patched as well, as part of the April security patch.
Android OEMs are typically slower when seeding security patches rolled out by Google to their devices. However, if the vulnerabilities are indeed as serious as CERT-In has labelled them to be, expect the April update for your Android phone/tablet to roll out quicker than usual.
Story continues below this ad
The bottom line is that you need to keep your eyes peeled for any new updates rolling out for your devices.
Technology on smartphone reviews, in-depth reports on privacy and security, AI, and more. We aim to simplify the most complex developments and make them succinct and accessible for tech enthusiasts and all readers. Stay updated with our daily news stories, monthly gadget roundups, and special reports and features that explore the vast possibilities of AI, consumer tech, quantum computing, etc.on smartphone reviews, in-depth reports on privacy and security, AI, and more. We aim to simplify the most complex developments and make them succinct and accessible for tech enthusiasts and all readers. Stay updated with our daily news stories, monthly gadget roundups, and special reports and features that explore the vast possibilities of AI, consumer tech, quantum computing, etc.
