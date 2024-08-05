Indian Computer Emergency Response Team (CERT-In) has flagged security vulnerabilities in Apple devices.
"Multiple vulnerabilities have been reported in Apple products which could allow an attacker to access sensitive information, executive arbitrary code, bypass security restrictions, cause a denial of service (DoS) and perform spoofing attacks on the targeted system," said CERT-In.
Apple has acknowledged the issues and has rolled out a big update (around 1GB size in size) to all its devices including iPhones, Macs, iPads, watches, and Apple TVs.
The new update fixes security issues in WebKit, ImageIO, and core elements of Apple devices that could have let attackers steal information and also crash applications on iPhones by performing Distributed Denial of Service (DDoS) attacks.
In the new software release note, the company says the new update resolves the authentication issue in the Photos album, which allows users to view hidden images and videos without security verification.
It also fixes security issues in the Family Sharing feature, which could have let the malicious app track the device location of the owner and his/her loved ones.
Also, it fixes a similar issue in Siri, which could have let attackers access sensitive user information on iPhones.
In a related development, CERT-In has also warned computer owners to be wary of messages or emails from unknown senders about CrowdStrike software update.
Hackers are reportedly sending out messages with URL links to people to update their devices to protect themselves from malware that caused the global Microsoft outage in mid-July.
It should be noted that the Microsoft outage was actually caused by buggy software update rolled out security firm CrowdStrike.
Hackers are misusing the incident to hoodwink users by sending compromised website link to computer device owners. If they click on the link, they will be asked to download malware-laced application/s. Once installed, these can wipe clean sensitive information, including personal photos/videos and even financial credentials of the bank account details.
Published 05 August 2024, 08:34 IST