Security researchers have found a number of severe vulnerabilities in some very popular Apple products that could enable hackers to take control of affected devices and use the data obtained from them for nefarious activities.
The Indian Computer Emergency Response Team (CERT-In), which is the central cyber security agency for India, has warned about some severe vulnerabilities in the Apple Watch and in certain versions of Macs, iPhones and iPads. Given the boom of smartwatches and fitness trackers in India, and the number of people who have gone for an Apple Watch, the watch is likely going to be the most targeted device.
CERT-In warned of multiple vulnerabilities in the Mac operating system and classified them as ‘critical’, which is the most serious rating in cyber security parlance.
“Multiple vulnerabilities have been reported in the Apple Mac OS which could be exploited by a remote attacker to execute arbitrary code, bypass security restrictions and cause denial of service conditions on the targeted system,” the advisory stated.
What this means is that a hacker who exploits the vulnerability to gain control of a target device could then run any commands or code of their choice on it.
Apple has released patches for both the vulnerabilities, which can be installed by downloading the latest updates to the products. However, what makes the matter even more serious is that, by Apple’s own admission, these vulnerabilities might have already been exploited by hackers.
“Apple is aware of a report that this issue may have been actively exploited,” Apple said in a statement regarding the two vulnerabilities on its official website.
For Apple devices running iOS and iPadOS versions prior to 15.5, the vulnerabilities have been rated highly severe. For macOS Catalina prior to Security Update 2022-004, versions of macOS Big Sur prior to 11.6.6, and versions of macOS Monterey prior to 12.4, they have been rated critically severe.
As for the Apple Watch, the rating is highly severe for any device running a watchOS version prior to watchOS 8.6. Users who are running older versions of these operating systems should update their devices as soon as they can. If updating your device isn’t an option, the least you can do is remove all sensitive and critical data from it.
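For anyone responsible for more than one device, the version thresholds above can be checked across an inventory. The following is an added example, not code from CERT-In, Apple or this article; the function names and the inventory records are hypothetical, and only the version thresholds are taken from the text above.

```python
# Fixed versions as stated in the article. Everything else is illustrative.
FIXED = {"iOS": (15, 5), "iPadOS": (15, 5), "watchOS": (8, 6)}
# macOS is patched per release family, keyed by major version.
MACOS_FIXED = {11: (11, 6, 6), 12: (12, 4)}  # Big Sur, Monterey


def parse_version(text):
    """'11.6.10' -> (11, 6, 10), so 11.6.10 sorts after 11.6.6."""
    return tuple(int(part) for part in text.strip().split("."))


def pad(version, width=3):
    """Right-pad with zeros so that 12.4 and 12.4.0 compare equal."""
    return version + (0,) * (width - len(version))


def assess(os_name, version):
    """Return 'patched', 'vulnerable', 'manual-check' or 'unknown'."""
    v = parse_version(version)
    if os_name == "macOS":
        if v[:2] == (10, 15):
            # Catalina's fix is Security Update 2022-004, which does not
            # change the version number, so the version alone cannot
            # confirm it. Verify the installed update on the device.
            return "manual-check"
        fixed = MACOS_FIXED.get(v[0])
    else:
        fixed = FIXED.get(os_name)
    if fixed is None:
        return "unknown"  # release not covered by the article
    return "vulnerable" if pad(v) < pad(fixed) else "patched"


def audit(inventory):
    """Return (device, status) for every device not confirmed patched."""
    results = [(d["name"], assess(d["os"], d["version"])) for d in inventory]
    return [(name, status) for name, status in results if status != "patched"]


# Constructed sample inventory, not real devices.
SAMPLE = [
    {"name": "finance-mbp", "os": "macOS", "version": "11.6.10"},
    {"name": "design-imac", "os": "macOS", "version": "12.3.1"},
    {"name": "legacy-mini", "os": "macOS", "version": "10.15.7"},
    {"name": "ceo-iphone", "os": "iOS", "version": "15.4.1"},
    {"name": "ops-watch", "os": "watchOS", "version": "8.6"},
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE):
        print(f"{name}: {status}")
```

Comparing versions as plain strings would wrongly flag 11.6.10 as older than 11.6.6, which is why the versions are parsed into integer tuples first.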
People in the cyber security community have an unwritten rule: whenever a researcher finds a vulnerability in a product, they inform the manufacturer first and give them ample time to resolve it before making their research public. This is done so that the manufacturers can fix these issues and release updated software patches for the vulnerabilities.
Given how often we store a ton of personal data and vital information, such as our PAN and Aadhaar data and our banking and social media credentials, on our smartphones, these vulnerabilities can wreak havoc in a person’s life when a hacker gets access.