Following the launch of iPhone 16, the Indian Computer Emergency Response Team (CERT-In), has issued a nationwide security alert concerning Apple device users in the Indian market. The notification, issued by the cybersecurity arm of the Ministry of Electronics and Information Technology (MeitY), has altered multiple vulnerabilities in various Apple operating systems including iOS, iPadOS, and macOS, which could leave users exposed to serious security risks if not addressed.
Security Concerns Raised By Cert-In
Apple, a tech behemoth, launched its iPhone 16 series on September 20, 2024. The high-risk warning issued by CERT-In doesn’t individually concern this series but many other Apple Products and versions, such as:
- iPhones and iPads: iOS versions prior to 18 and 17.7, iPadOS versions prior to 18 and 17.7
- MacBooks and Desktop Macs: macOS Sonoma versions prior to 14.7, macOS Ventura versions prior to 13.7
- Apple Watches: watchOS versions prior to 11
- Apple TVs: tvOS versions prior to 18
- Safari Browser: Versions prior to 18
- Xcode (Apple’s Development Environment): Versions prior to 16
- visionOS: Versions prior to 2
Per the notification, vulnerabilities in these systems could potentially allow attackers to exploit users’ devices, access sensitive information or perform harmful activities such as executing arbitrary code, bypassing information security restrictions, launching denial of service (DoS) attacks, and possibly lead to spoofing.
What Should Apple Users Do?
In order to protect themselves from such vulnerabilities, Apple users should take the following steps:
1. Update Your Devices: Apple, previously, has addressed most of the above-mentioned security concerns in its software updates across iOS, iPadOS, macOS, watchOS, and other platforms. Users should first and foremost update their devices to with latest available software version. Here’s how to do that:
- For iPhone and iPads: Go to settings, select the ‘General’ option, and look for any software updates. If available, download the latest iOS or iPadOS version.
- For MacBook and Mac users: Go to ‘System Preferences’ and look for any available software updates. Follow the prompts and install updates you see here.
- Apple Watches: Go to the settings option on your watch, under ‘General’ section look for any software updates. If available, install the same and update your device. You can also use the “Watch App” on your phone to install such updates.
- Apple TVs: Follow the similar pattern as mentioned for Apple Watches, here you have to look for to install the latest tvOS version.
- Safari: Go to the App Store, or update the device via ‘System Preferences’ on macOS devices.
2. Enable Automatic Updates: In order to avoid any future vulnerabilities, users should enable ‘automatic update’ on all of their devices. This would ensure that your system always runs the latest software without the need for manual intervention.
3. Monitor Security Alerts: In addition to ensuring software updates, users should also monitor security alerts issued for Apple devices to stay updated with any new cyber risks. You can keep an eye on CERT-In notifications or updates by the Apple company for the same.
4. Be Aware of Downloading Suspicious Links: Even with updated software, cybercriminals can easily infiltrate your devices through fishy links sent via emails and messages. They can download malicious software into your phone once they gain access. Users should avoid clicking on suspicious links and not open emails, or attachments that show security concerns.
5. Use Secure Networks: Additionally, it is also important for you to use secure networks while browsing or going through various websites. A compromised network will allow cybercriminals to compromise your device settings by downloading updates or accessing sensitive information. This usually happens when using public WiFi or open networks.
Moreover, CERT-In has stressed that while Apple has previously addressed such vulnerabilities with recent software updates, users must remain extra cautious and proactive in protecting their devices against such attacks.
