Government issues high risk warning for iPhone users: Here’s what they should do

Which Apple devices are impacted?

As per the advisory, Apple iOS 16.1, Apple iOS versions prior to 16.0.3 and iPadOS versions prior to 16 are affected by the vulnerability – CVE-2022-42827. List of impacted devices include Apple iPhone 8 and later, iPad Pro Call models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.

Why does the vulnerability exist in Apple devices?

In its advisory, CERT-In says that these vulnerabilities exist in Apple iOS and iPadOS due to

– Improper security restrictions in AppleMobileFileIntegrity component

– Improper bounds check in Avevideoencoder component; Improper validation in CrNetwork component

– Improper entitlement in Core Bluetooth component

– Improper memory handling in GPU Drivers component

– Memory corruption issue in IOHIDFamily component

– Use after free issue and Race condition issue in IOKit component

– Improper memory handling and Out-of-bounds write issue in Kernel component

– Improper memory handling and Race condition issue in PPP component

– Use after free issue

– Improper security restrictions and Improper path validation in Sandbox component

– Improper UI handling, Type confusion issue and Logic issue in Webkit component

– Use-after-free error in WebKit PDF component

– Improper input validation in Mail component.

How can the vulnerability impact iPhone users?

These vulnerabilities can be exploited by a remote attacker to persuade the victim to open a specially crafted file or application. On successful exploitation of these vulnerabilities, the attacker could gain access to sensitive information, execute arbitrary code, spoofing of the interface address or denial of service conditions on the targeted system.

What should users do?

The CERT-In advisory says that the vulnerability is being exploited in the wild. Users are advised to apply software updates as mentioned in the Apple Security updates.