The Indian Computer Response Team (CERT-In) has issued an advisory for iPhone users. The national cybersecurity agency has revealed a vulnerability in Apple iOS that can allow hackers to access Apple iPhones. “A vulnerability has been reported in Apple iOS which could allow an attacker to execute arbitrary code on the targeted system,” a CERT-In advisory says.
The vulnerability, it says, exists in Apple iOS due to a type confusion flaw in the WebKit component. This could easily be exploited by a hacker to entice victims into visiting a malicious website that can result in serious financial and data loss.
What are the devices impacted?
According to the CERT-In advisory, Apple iOS versions prior to 12.5.7 are impacted by the vulnerability. These include iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).
What should a user do?
CERT-In says that the vulnerability is being actively exploited against versions of iOS released before iOS 15.1. Users are therefore advised to apply appropriate software updates. Do note that Apple has already released a security patch for iOS 12.5.7.
“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1,” reads the company’s note with the patch released on January 23, 2023.
Having said that it is advisable for the existing users of iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) to upgrade to the latest models, in case they haven’t. Or they can at least remove their sensitive, private data from these old devices to stay safe.
Download The Mint News App to get Daily Market Updates & Live Business News.