CERT-In: Vulnerability in Safari, iOS 16.1 could let hackers steal users’ sensitive data


India’s cyber-security team, CERT-In (Indian Computer Emergency Response Team), has warned Apple device owners about vulnerabilities in Apple’s web browser, Safari, and iOS 16.1 that allow malicious attackers to steal users’ sensitive information.

Vulnerability affecting Apple iOS and iPadOS

Describing the vulnerability, CERT-In said in a press release that several vulnerabilities have been reported in Apple’s iOS and iPadOS that allow a remote attacker to “gain access to sensitive information, execute arbitrary code, and perform DoD attacks on the targeted device.”

“These vulnerabilities exist in Apple iOS and iPadOS because of improper security restrictions in the AppleMobileFileIntegrity component; improper range checking in AVEVideoEncoder component; improper validation in CFNetwork component; improper eligibility in the core Bluetooth component; improper memory handling in the GPU driver component; memory corruption issue in IOHIDFamily written issue in kernel component; use after issue of free access, improper memory handling and race conditions in the PPP component; and logic problem in website component; after-use-free error in WebKit PDF component; improper input validation in mail component,” CERT-In wrote.

The cyber security agency also said that this vulnerability is being exploited in the wild and that it can be exploited by an attacker by persuading the victim to open a specially crafted file or app.

Affected devices and OS versions: All iPadOS versions prior to iPadOS 16 and iOS versions prior to iOS 16.0 are affected. The list of affected devices includes the iPhone 8 and later, all iPad Pro models, the third-gen iPad Air and later, and the fifth-gen iPad mini and later.

How to protect yourself: To protect themselves from this vulnerability, iPhone users need to download iOS 16.0.3 and iPadOS 16 or newer on their devices.

Vulnerability affecting the Safari web browser

Talking about the vulnerabilities, the cyber-security agency said that successful exploitation of these vulnerabilities could allow an attacker to spoof URLs, expose sensitive information or execute arbitrary code on targeted systems.

“These vulnerabilities exist due to improper UI handling in Apple Safari for macOS Big Sur and macOS Monterey, type confusion problems in the WebKit component, and type logic issue in the WebKit PDF component after the free use issue,” CERT-In added.

These vulnerabilities affect all Safari versions prior to 16.1. Apple device owners can download the latest version of Apple’s web browser to protect themselves.

The post “CERT-In: Vulnerability in Safari, iOS 16.1 hackers could steal sensitive data of users” first appeared on BGR India.
