Srinagar, Dec 17: The Indian Computer Emergency Response Team (CERT-In) has flagged severe vulnerabilities in Apple and Samsung product users and said that the vulnerabilities could put users’ sensitive information at risk.
The nodal security agency, which comes under the Ministry of Electronics and Information Technology, warned that two of the vulnerabilities reported, CVE-2023-42916 and CVE-2023- 42917, could be exploited by malicious entities and urged users to update to the latest OS patches.
In an advisory issued CERT- In has reported multiple vulnerabilities in Apple products. These vulnerabilities affect iPhone, iPad, Mac, Apple TV, Apple Watch, and Safari Web browser. According to CERT-In, iOS and iPadOS versions before 17.2 and 16.7.3, macOS Sonoma versions before 14.2, macOS Ventura versions before 13.6.3, macOS Monterey versions before 12.7.2, tvOS versions before 17.2, watchOS versions before 10.2, and Safari versions before 17.2 are all facing high-risk vulnerabilities.
“Multiple vulnerabilities have been reported in Apple products which could allow an attacker to access sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service (DoS) conditions, bypass authentication, gain elevated privileges, and perform spoofing attacks on the targeted systems,” CERT-In said in the advisory.
Additionally, CERT-In also issued a vulnerability note for Samsung products on December 13, flagging Android versions 11, 12, 13, and 14 on Samsung devices under high risk of threats that could allow attackers to bypass security restrictions, access sensitive user information, and run arbitrary code on the targeted system.
The vulnerabilities on Samsung devices could be exploited to access device SIM PIN and send a broadcast with elevated privilege, among other actions. Samsung users can get the newest OS update on their devices, along with the latest security patch, to avoid falling prey to these threats.
Last month, CERT-In had warned of multiple security vulnerabilities affecting older iPhone and iPad models. In its vulnerability note CIVN-2023- 0303 issued earlier in October, CERT-In had flagged security flaws that had affected older versions of iOS and iPadOS.
The vulnerabilities affected OS versions before iOS 16.7.1 and iPadOS 16.7.1, according to the agency.
Samsung and other smartphone manufacturers issue timely updates and security patches to keep their devices robust against various threats and vulnerabilities.
Despite regular fixes, both iOS and Android platforms could fall prey to malicious exploits. Subsequently, the government has issued high-risk security alerts for users of both Apple and Samsung devices.