Bugs in Safari, iOS 16.1 could let hackers steal users’ sensitive data: Cert-In
Vulnerability in Safari, iOS 16.1 could let hackers steal users’ sensitive data, says Cert-In

  • Cert-In has cautioned against vulnerabilities in Apple Safari.
  • Cert-In has cautioned against vulnerabilities in iOS 16.1.
  • Apple has released updates to fix these vulnerabilities.

India’s cyber-security team, Cert-In (Indian Computer Emergency Response Team), has cautioned Apple device owners about vulnerabilities in Apple’s web browser, Safari, and iOS 16.1 that could let attackers steal users’ sensitive information.

Vulnerability affecting Apple iOS and iPadOS

Describing the vulnerability, Cert-In said in a press release that multiple vulnerabilities have been reported in Apple’s iOS and iPadOS that could allow a remote attacker to gain access to sensitive information, execute arbitrary code, and launch a denial-of-service (DoS) attack on the targeted device.

“These vulnerabilities exist in Apple iOS and iPadOS due to improper security restrictions in AppleMobileFileIntegrity component; improper bounds check in AVEVideoEncoder component; improper validation in CFNetwork component; improper entitlement in core Bluetooth component, improper memory handling in GPU drivers component; memory corruption issue in IOHIDFamily wrote issue in kernel component; use after free use, improper memory handling and race condition issue in PPP component; and logic issue in website component; use-after-free error in WebKit PDF component; improper input validation in Mail component,” Cert-In wrote.

The cyber security agency also said this vulnerability is being exploited in the wild and that it could be exploited by an attacker simply by persuading the victim to open a specially crafted file or app.

Affected devices and OS versions: The vulnerabilities affect all iPadOS versions prior to iPadOS 16 and iOS versions prior to iOS 16.0.3. The list of affected devices includes iPhone 8 and later, all iPad Pro models, third-gen iPad Air and later, and fifth-gen iPad Mini and later.

How to safeguard yourself: To safeguard themselves from this vulnerability, iPhone users need to download iOS 16.0.3 and iPadOS 16 or newer on their devices.

Vulnerability affecting Safari web browser

Talking about the vulnerability, the cyber-security agency said that successful exploitation of these vulnerabilities could allow the attacker to spoof URLs, disclose sensitive information or execute arbitrary code on the targeted system.

“These vulnerabilities exist in Apple Safari for macOS Big Sur and macOS Monterey due to improper UI handling, type confusion issue and logic issue in the WebKit component; use after free issue in the WebKit PDF component,” Cert-In added.

These vulnerabilities affect all Safari versions prior to 16.1. Apple device owners can download the latest version of Apple’s web browser to safeguard themselves.

  • Published Date: October 26, 2022 8:07 PM IST
