CERT-In warns of high-severity vulnerabilities in Apple OS, Safari browser
These vulnerabilities pose high risks, potentially allowing attackers to execute arbitrary code, bypass security measures, access sensitive information, gain elevated privileges, or trigger denial of service conditions on targeted systems.
The CERT-In has also issued a warning regarding multiple vulnerabilities in Apple Safari, potentially enabling attackers to bypass security protocols, access sensitive data, or initiate denial-of-service (DoS) attacks on affected systems.
According to findings, these vulnerabilities stem from various sources within Apple Safari, the default browser for Apple users, including a flaw in the Safari Private Browsing feature, inadequate handling of web content, unauthorised extraction of audio data across origins, insufficient enforcement of content security policies, and user fingerprinting through the processing of maliciously crafted web pages in WebKit components.
If exploited successfully, these vulnerabilities could result in the bypassing of security measures, unauthorised access to sensitive information, or the triggering of a DoS condition on the targeted system.
The affected Apple operating systems and applications include:
Apple visionOS versions prior to 1.1 (Available for Apple Vision Pro)
Apple tvOS versions prior to 17.4 (Available for Apple TV HD and Apple TV 4K (all models))
Apple watchOS versions prior to 10.4 (Available for Apple Watch Series 4 and later)
Apple macOS Monterey versions prior to 12.7.4
Apple macOS Sonoma versions prior to 14.4
Apple macOS Ventura versions prior to 13.6.5
Apple Xcode versions prior to 15.3 (Available for macOS Sonoma 14 and later)
Apple GarageBand versions prior to 10.4.11 (Available for macOS Ventura and macOS Sonoma)
Users operating on the aforementioned software versions are strongly urged to update their systems with the latest patches provided by Apple. CERT-In has also shared a comprehensive list of appropriate security updates issued by Apple to mitigate the identified vulnerabilities.
In line with its commitment to customer security, Apple maintains a policy of not disclosing, discussing or confirming security issues until thorough investigations have been conducted, and patches or updates are made widely available.