CERT-in Flags High-Risk Security Flaws in Apple, Samsung Devices; iPhone, iPad Vulnerable to Exploits

Apple, Samsung and other smartphone manufacturers issue timely updates and security patches to keep their devices robust against various threats and vulnerabilities. Despite regular fixes, both iOS and Android platforms could fall prey to malicious exploits. The government has issued high-risk security alerts for users of both Apple and Samsung devices. The Indian Computer Emergency Response Team (CERT-In) has flagged severe vulnerabilities in Apple and Samsung products this week. The reported vulnerabilities could put users’ sensitive information at risk.

In an advisory issued December 15, CERT-In reported multiple vulnerabilities in Apple products. These vulnerabilities affect iPhone, iPad, Mac, Apple TV, Apple Watch and Safari Web browser. According to CERT-In, iOS and iPadOS versions prior to 17.2 and 16.7.3, macOS Sonoma versions prior to 14.2, macOS Ventura versions prior to 13.6.3, macOS Monterey versions prior to 12.7.2, tvOS versions prior to 17.2, watchOS versions prior to 10.2, and Safari versions prior to 17.2 are all facing high-risk vulnerabilities.

“Multiple vulnerabilities have been reported in Apple products which could allow an attacker to access sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service (DoS) conditions, bypass authentication, gain elevated privileges, and perform spoofing attacks on the targeted systems,” CERT-In said in the advisory.

The nodal security agency, which comes under the Ministry of Electronics and Information Technology (MeitY), warned that two of the vulnerabilities reported, CVE-2023-42916 and CVE-2023-42917, could be exploited by malicious entities and urged users to update to the latest OS patches.

Additionally, CERT-In also issued a vulnerability note for Samsung products on December 13, flagging Android versions 11, 12, 13, and 14 on Samsung devices under high risk of threats that could allow attackers to bypass security restrictions, access sensitive user information, and run arbitrary code on the targeted system.

The vulnerabilities on Samsung devices could be exploited to access device SIM PIN and send a broadcast with elevated privilege, among other actions. Samsung users can get the newest OS update on their devices, along with the latest security patch, to avoid falling prey to these threats.

Last month, CERT-In had warned of multiple security vulnerabilities affecting older iPhone and iPad models. In its vulnerability note CIVN-2023-0303 issued earlier in October, CERT-In had flagged security flaws that had affected older versions of iOS and iPadOS. The vulnerabilities affected OS versions prior to iOS 16.7.1 and iPadOS 16.7.1, according to the agency.