The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity alert to notify Apple product users of noteworthy vulnerabilities identified across various Apple offerings. This alert, cataloged as Vulnerability Note CIVN-2023-0303, was officially released on October 14, 2023. The vulnerabilities in question pertain to Apple iOS and iPadOS. CERT-In, a unit operating under the Ministry of Electronics and Information Technology within the Government of India, is entrusted with the responsibility of handling cybersecurity matters, functioning as the national authority in this sphere.


The agency regularly monitors the digital landscape and disseminates vulnerability notes to apprise users of potential cyber threats. In the most recent bulletin, CERT-In underscored the gravity of these vulnerabilities associated with Apple iOS and iPadOS.


These vulnerabilities outlined in the CERT-In communication are linked to issues in the kernel component, where validation falls short, and a buffer overflow concern within the WebRTC component. These weaknesses potentially open the door for remote attackers to exploit targeted systems by sending meticulously crafted requests.


If successfully exploited, these vulnerabilities could grant remote attackers elevated privileges, enabling them to execute arbitrary code on the compromised system. In simpler terms, this would empower malicious actors to gain full control over the user's device, presenting a substantial security risk.


The affected systems include devices running on Apple iOS and iPadOS versions prior to 16.7.1, encompassing models such as iPhone 8 and newer, all variants of iPad Pro, iPad Air 3rd generation and later, iPad 5th generation and beyond, as well as iPad mini 5th generation and newer.


Here's What You Can Do


To safeguard against these vulnerabilities, CERT-In strongly advises users to apply the recommended updates delivered by Apple in their security releases. Apple has promptly responded to the issue by providing a resolution through its security updates, available at support.apple.com/en-us/HT213972.


It is paramount to acknowledge that Apple routinely issues patches and updates to address security concerns. It is, therefore, critical for users of the affected devices to expeditiously implement these updates to mitigate potential risks associated with the identified vulnerabilities. Failure to do so may render devices susceptible to potential exploitation by malicious entities.