Apple users in India received a significant alert from the Indian government's nodal security agency this week. The alert by the Indian Computer Emergency Response Team (CERT-In) issued on April 2, 2024, carries a high severity rating. The gravity of this security issue cannot be overstated as it impacts critical components of Apple devices, including iPhones and Macs. In this article, we will delve into the details of this vulnerability, discuss which devices are affected, and provide guidance on securing your iPhone to mitigate potential threats.


Which Devices Are Under Threat



  • Apple Safari version 17.4.1 and older 

  • Apple macOS Ventura version 13.6.6 and older

  • Apple macOS Sonoma version 14.4.1 and older

  • Apple visionOS version 1.1.1 and older

  • Apple iOS and iPadOS version 17.4.1 and older

  • Apple iOS and iPadOS version 16.7.7 and older


The security issue extends to various Apple software versions, impacting the latest devices such as the iPhone 15 Pro Max and the Vision Pro headset. Additionally, a range of iPad and iPad Pro models, along with their corresponding software versions, are included in the affected list. It's important to note that users of older iPhone models like 8, 8 Plus, and iPhone X should also be mindful of this vulnerability.


What Does The CERT-In Alert Says


According to CERT-In, there are security vulnerabilities present in Apple products that could enable attackers to execute arbitrary code on the system they target.


The vulnerability in Apple products stems from out-of-bounds write problems in WebRTC and CoreMedia. A remote attacker could take advantage of this vulnerability by convincing the victim to access a specifically crafted request.


How To Safeguard Yourself Amidst This Threat


It's generally advised that individuals promptly update their Apple devices to the latest available software versions.


For those whose devices are restricted to software versions mentioned here, it's advisable to contemplate upgrading to a new device to mitigate the risk of being targeted by malicious actors.