Update your iPhone! Why Union minister is warning Apple devices are at risk

On Friday morning, Minister of State for Electronics & IT Rajeev Chandrasekhar sent out a tweet urging the public to updates iPhones to avoid ‘zero-day’ exploit vulnerabilities.

Update ur iphones wth 15.6.1 to avoid zero-day exploit vulnerabilitiea

⁦@IndianCERT⁩ ⁦@GoI_MeitY⁩

Apple releases iOS, iPadOS and macOS security fixes for two zero-days under active attack https://t.co/uKQbd0oDG1

— Rajeev Chandrasekhar 🇮🇳 (@Rajeev_GoI) August 19, 2022

This development comes after Apple recently disclosed some serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of these devices.

Apple released two security reports about the issue on Wednesday, although they didn’t receive wide attention outside of tech publications.

Apple’s explanation of the vulnerability means a hacker could get “full admin access” to the device. That would allow intruders to impersonate the device’s owner and subsequently run any software in their name, said Rachel Tobac, CEO of SocialProof Security.

Let’s take a closer look:

Which models are affected?

Security experts have advised users to update affected devices — the iPhone6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running macOS Monterey.

The flaw also affects some iPod models.

What’s the issue?

As per Techcrunch, the two vulnerabilities were found in WebKit, the browser engine that powers Safari and other apps, and the kernel, essentially the core of the operating system. The two flaws affect both iOS and iPadOS and macOS Monterey.

Apple said the WebKit bug could be exploited if a vulnerable device accessed or processed “maliciously crafted web content [that> may lead to arbitrary code execution,” while the second bug allowed a malicious application “to execute arbitrary code with kernel privileges,” which means full access to the device.

The two flaws are believed to be related.

“Apple is aware of a report that this issue may have been actively exploited,” the company was quoted as saying by the Indian Express.

What are zero-day flaws?

As per Indian Express, these refer to flaws in a particular software even the developer is unaware of. A zero-day vulnerability is detected only when an attack exploiting one occurs, or when companies find them and patch issues.

Zero-day loopholes in WhatsApp and Apple’s iMessage have been used earlier to install spyware tools, as per the report.

Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, it cited an anonymous researcher.

Why is it important to update?

Commercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents and surveils the targets in real-time.

As per TechCrunch, NSO Group’s Pegasus uses two or more vulnerabilities together to break through a device’s layers of protections. It’s not uncommon for attackers to first target a vulnerability in the device’s browser as a way to break into the wider operating system, granting the attacker wide access to the user’s sensitive data.

The NSO Group has been blacklisted by the US commerce department. Its spyware is known to have been used in Europe, the West Asia, Africa and Latin America against journalists, dissidents and human rights activists.

Security researcher Will Strafach said he had seen no technical analysis of the vulnerabilities that Apple has just patched.

The company has previously acknowledged similarly serious flaws and, in what Strafach estimated to be perhaps a dozen occasions, has noted that it was aware of reports that such security holes had being exploited.

With inputs from agencies

Read all the  Latest News ,  Trending News ,  Cricket News ,  Bollywood News , India News  and  Entertainment News  here. Follow us on  Facebook ,  Twitter  and  Instagram .