CERT-In Releases High-Risk Alert for Apple and Samsung Users
On December 17, CERT-In (Indian Computer Emergency Response Team) raised concerns about significant vulnerabilities affecting users of Apple and Samsung products, posing a potential risk to sensitive information. The nodal security agency, operating under the Ministry of Electronics and Information Technology, highlighted two vulnerabilities, namely CVE-2023-42916 and CVE-2023-42917, advising users to promptly update to the latest operating system patches.
CERT-In issued an advisory outlining multiple vulnerabilities in Apple products, impacting iPhone, iPad, Mac, Apple TV, Apple Watch, and the Safari web browser. The identified vulnerabilities are present in iOS and iPadOS versions before 17.2 and 16.7.3, macOS Sonoma versions before 14.2, macOS Ventura versions before 13.6.3, macOS Monterey versions before 12.7.2, tvOS versions before 17.2, watchOS versions before 10.2, and Safari versions before 17.2. These vulnerabilities expose users to risks such as unauthorized access, arbitrary code execution, security restriction bypass, denial of service (DoS) conditions, authentication bypass, privilege escalation, and spoofing attacks.
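For administrators checking a device fleet against the Apple versions listed above, the following added example (not part of the CERT-In advisory) classifies each device by release branch. The CSV inventory layout and host names are constructed for illustration, and treating a major version newer than every listed branch as unaffected is an assumption drawn from the advisory's "before" wording.

```python
import csv, io
# First fixed version per release branch, taken from the advisory text above.
_IOS = {16: "16.7.3", 17: "17.2"}
FIXED = {
    "ios": _IOS, "ipados": _IOS,
    "macos": {12: "12.7.2", 13: "13.6.3", 14: "14.2"},
    "tvos": {17: "17.2"}, "watchos": {10: "10.2"}, "safari": {17: "17.2"},
}

# Constructed sample inventory (hypothetical hosts), not data from the advisory.
SAMPLE_INVENTORY = """host,platform,version
iphone-014,iOS,17.1.2
ipad-003,iPadOS,15.8
mbp-101,macOS,13.6.3
watch-007,watchOS,10.1.1
pixel-009,Android,14
"""

def parse_version(text):
    """'17.2' -> (17, 2, 0): pad to three parts so 17.2 and 17.2.0 compare equal."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def assess(platform, version):
    """Return (status, detail) for one device against the advisory thresholds."""
    branches = FIXED.get(platform.strip().lower())
    if branches is None:
        return ("unknown", "platform not in this advisory")
    try:
        have = parse_version(version)
    except ValueError:
        return ("unknown", "unparseable version")
    major = have[0]
    if major > max(branches):  # assumption: not "before" any listed fixed version
        return ("ok", "newer than every listed fixed version")
    if major in branches:
        if have >= parse_version(branches[major]):
            return ("ok", "at or above " + branches[major])
        return ("vulnerable", "update to " + branches[major])
    # Older branch with no fix listed: it is still "before" the fixed versions.
    target = branches[min(b for b in branches if b > major)]
    return ("vulnerable", "no fix listed for this branch; move to " + target)

def audit(inventory_csv):
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: assess(r["platform"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, (status, detail) in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status:10} {detail}")
```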
CERT-In emphasized the urgency of updating devices to mitigate these risks. Additionally, the agency issued a vulnerability note for Samsung products on December 13, flagging Android versions 11, 12, 13, and 14 on Samsung devices as high-risk targets for potential threats. Attackers could exploit these vulnerabilities to bypass security restrictions, access sensitive user information, and execute arbitrary code on the targeted system. Actions such as accessing the device SIM PIN and broadcasting with elevated privilege were cited as potential risks. Samsung users were advised to promptly update their devices with the latest operating system and security patches to safeguard against these threats.
This advisory follows a previous warning from CERT-In regarding security vulnerabilities affecting older iPhone and iPad models, issued in October. Despite regular updates and security patches from manufacturers like Samsung, vulnerabilities persist, and the government has issued high-risk security alerts for users of both Apple and Samsung devices.