Newsisland.in

CERT-In Issues "High-Risk" Advisory for Apple Products Due to Remote Code Execution Vulnerability

New Delhi: 3 April 2024

A “high-risk” security advisory has been released by the Indian Computer Emergency Response Team (CERT-In) for users of a number of Apple products, such as iPads, MacBooks, iPhones, and Vision Pro headsets. The advisory draws attention to a serious “remote code execution” vulnerability that impacts a number of Apple devices and applications.

The vulnerability impacts several Apple products:

Versions of Apple Safari released before 17.4.1
Versions of Apple macOS Ventura released before 13.6.6
Versions of Apple macOS Sonoma released before 14.4.1
Versions of Apple visionOS released before 1.1.1
Versions of Apple iOS and iPadOS released before 17.4.1
Versions of Apple iOS and iPadOS released before 16.7.7

This vulnerability poses a serious risk as it enables remote attackers to execute arbitrary code on the affected devices. The exploit takes advantage of an out-of-bounds write vulnerability in WebRTC and CoreMedia, allowing remote device compromise.

The advisory specifically mentions vulnerable devices:

Users with iOS and iPadOS versions older than 17.4.1 on devices such as iPhone XS, iPad Pro 12.9-inch, iPad Pro 10.5-inch, iPad Pro 11-inch, iPad Air, iPad, and iPad mini.

Users of iPad Pro 9.7-inch, iPad Pro 12.9-inch 1st generation, iPhone X, iPhone 8, iPhone 8 Plus, and iPad 5th generation are also at risk if their devices have not been updated to iOS and iPadOS versions 16.7.7 or later.

Additionally, MacBook users are advised to update their operating systems, as vulnerabilities exist in macOS Ventura versions older than 13.6.6 and macOS Sonoma versions older than 14.4.1. Owners of the Apple Vision Pro headset should also be aware of the vulnerability in visionOS versions earlier than 1.1.1.

To mitigate the risk:

  1. Install the latest security patch updates for Apple iOS, iPadOS, macOS, and visionOS.
  2. Avoid using public or insecure Wi-Fi networks to reduce the possibility of unwanted access.
  3. Enable Two-Factor Authentication (2FA) for increased security against potential credential breaches.
  4. Download software and programs only from reputable sources, such as the Apple App Store, to reduce the risk of infection.
  5. Make frequent backups of critical data to protect against loss resulting from system malfunctions or security lapses.
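
One way to check the first mitigation step across a device inventory, as an added example that is not part of the advisory or the original article: each version is compared with the fixed release on its own major branch, so a device on iOS 16.7.7 is not flagged merely for being below 17.4.1. The thresholds are the ones listed above; the function names and the inventory rows are constructed for illustration.

```python
import re

# Fixed releases per major-version branch, as listed in the advisory text above.
FIXED = {
    "safari":   {17: (17, 4, 1)},
    "macos":    {13: (13, 6, 6), 14: (14, 4, 1)},
    "visionos": {1: (1, 1, 1)},
    "ios":      {16: (16, 7, 7), 17: (17, 4, 1)},
    "ipados":   {16: (16, 7, 7), 17: (17, 4, 1)},
}

def parse_version(text):
    """Turn '17.4' or '16.7.7 (a)' into a comparable tuple such as (17, 4, 0)."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def status(product, version):
    """Classify one product/version pair against the advisory's thresholds."""
    branches = FIXED.get(product.lower())
    if branches is None:
        return "unknown-product"
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"
    if v[0] in branches:                 # same branch: compare with its own fix
        return "ok" if v >= branches[v[0]] else "vulnerable"
    # Other branches: anything below the oldest fixed release counts as "before" it.
    return "vulnerable" if v < min(branches.values()) else "ok"

def audit(inventory):
    """Return (host, product, version, status) for every row that is not ok."""
    rows = [(h, p, v, status(p, v)) for h, p, v in inventory]
    return [r for r in rows if r[3] != "ok"]

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("iphone-8-lab", "iOS", "16.7.7"),
    ("iphone-15-ceo", "iOS", "17.4"),
    ("ipad-kiosk", "iPadOS", "16.7.6"),
    ("mbp-dev-01", "macOS", "14.4.1"),
    ("mbp-dev-02", "macOS", "13.6.4"),
    ("visionpro-demo", "visionOS", "1.1"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```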
