CERT-In Issues Guidance for High -Risk Apple IOS Vulnerability

CERT-in has issued a high-severity alert for Apple users. A critical Apple vulnerability has been noticed in certain versions of iOS and iPadOS. This warning was released on 12 May. According to the warning, there’s a “very high risk” for users of iPhones and iPads who are running obsolete software versions.

Who all are affected

As per CERT-in, vulnerability is affecting following iPhone versions:

● iPad Pro 12.9-inch (2nd generation)

● iPad Pro 10.5-inch

● iPad 6th generation running iPadOS versions prior to 17.7.3

● iPad Pro 13-inch,

● iPad Pro 12.9-inch (3rd generation and later),

● iPad Pro 11-inch (1st generation and later),

● iPad Air (3rd generation and newer),

● iPad 7th generation and later, and

● iPad mini (5th generation and newer) are also vulnerable if running on versions of iPadOS prior to 18.3.

Normal functioning of the devices can be affected due to malicious applications and potentially cause the device to become disabled, until it is restored as explained by CERT-in. It is a huge threat to user data and device functionality, especially if the user is not aware about the source of the disruption.

As per the research, it has been found that the root cause of the issue lies in how Apple's operating system handles Darwin notifications which is a key communication mechanism within the CoreOS layer that allows different processes to exchange system-wide updates. As per CERT-in advisory, any iOS application can send these sensitive system-level Darwin notifications without any permissions. This flaw can open the door for malicious apps to interfere with critical system functions.

How to mitigate the risk

To reduce the impact of the risk, all Apple users have been requested to install the latest security patches issued by Apple. Currently CERT-in is advising to keep the device’s operating system up to date to combat against the iPhone XS vulnerability. As per CERT-in, Apple IOS vulnerability issue has been addressed by the recent software update and users are encouraged to read the company’s official advisory for detailed guidance.

CERT-In also advised the users to proceed with caution while downloading apps, especially from unofficial sources apart from updating their devices. They are also requesting users to limit the app permissions and stay informed about the potential threats which can also help reduce the risk of exploitation. For further updates, users can reach out to Apple’s support channels or visit the official CERT-In website.