Security researchers have found several severe vulnerabilities in popular Apple products that could enable hackers to take control of affected devices and use the data obtained from them for nefarious activities.

The Indian Computer Emergency Response Team (CERT-In), India's central cyber security agency, has warned about severe vulnerabilities in the Apple Watch and specific versions of Macs, iPhones, and iPads. Given the boom of smartwatches and fitness trackers in India and the number of people who have gone for an Apple Watch, the device will likely be the most targeted.

CERT-In warned of multiple vulnerabilities in the Mac operating system, and the exposures were classified as ‘critical,’ which is the most severe rating in cyber security parlance.

“Multiple vulnerabilities have been reported in the Apple Mac OS which a remote attacker could exploit to execute arbitrary code, bypass security restrictions, and cause denial of service conditions on the targeted system,” the advisory stated.

This means that a hacker who exploits one of these vulnerabilities could run any commands or code of their choice on the target device.

Apple has released patches for both vulnerabilities, which can be installed by downloading the latest product updates. However, what makes the matter even more serious is that, by Apple’s admission, hackers might have already exploited these vulnerabilities.

“Apple is aware of a report that this issue may have been actively exploited,” Apple said in a statement regarding the two vulnerabilities on its official website.

For Apple devices running iOS and iPadOS versions before 15.5, the vulnerabilities have been rated high severity. For macOS Catalina before Security Update 2022-004, versions of macOS Big Sur before 11.6.6, and versions of macOS Monterey before 12.4, they have been rated critical.

As for the Apple Watch, the vulnerabilities are rated high severity on any device running watchOS versions before watchOS 8.6. Users running older versions of these operating systems should update their devices as soon as possible. If updating your device isn’t an option, the least you can do is remove all sensitive and critical data from these devices.
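For anyone responsible for more than one device, the version cut-offs above can be checked against an inventory export. The following is an added example, not code from CERT-In or Apple; the inventory rows and the function names are constructed for illustration, and only the version thresholds come from the article.

```python
# Added example: thresholds are the ones quoted in the article above.
# The inventory rows are constructed sample data, not real devices.

# First fixed release per OS (mobile) or per macOS major line.
MOBILE_FIXED = {"ios": (15, 5), "ipados": (15, 5), "watchos": (8, 6)}
MACOS_FIXED = {11: (11, 6, 6), 12: (12, 4)}  # Big Sur, Monterey


def parse_version(text):
    """'11.6.5' -> (11, 6, 5). Raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))


def is_before(version, fixed):
    """Compare with zero padding so that 12.4 and 12.4.0 compare equal."""
    width = max(len(version), len(fixed))
    padded = [v + (0,) * (width - len(v)) for v in (version, fixed)]
    return padded[0] < padded[1]


def classify(os_name, version_text):
    """Return 'update', 'ok', 'manual-check' or 'not-covered'."""
    os_key = os_name.strip().lower()
    try:
        version = parse_version(version_text)
    except ValueError:
        return "manual-check"  # unparseable inventory value
    if os_key in MOBILE_FIXED:
        return "update" if is_before(version, MOBILE_FIXED[os_key]) else "ok"
    if os_key != "macos":
        return "not-covered"
    if version[:2] == (10, 15):
        # Catalina: the fix is Security Update 2022-004, which the
        # version number alone does not reveal.
        return "manual-check"
    if version[0] in MACOS_FIXED:
        return "update" if is_before(version, MACOS_FIXED[version[0]]) else "ok"
    return "not-covered"  # release line the article does not list


# Constructed sample inventory: (hostname, OS, reported version).
INVENTORY = [
    ("phone-01", "iOS", "15.4.1"), ("pad-02", "iPadOS", "15.5"),
    ("watch-03", "watchOS", "8.5"), ("mac-04", "macOS", "11.6.5"),
    ("mac-05", "macOS", "12.4.0"), ("mac-06", "macOS", "10.15.7"),
]

if __name__ == "__main__":
    for host, os_name, version in INVENTORY:
        print(f"{host:10} {os_name:8} {version:8} {classify(os_name, version)}")
```

Catalina machines come back as `manual-check` because the article's cut-off for them is a security update rather than a version number, so the installed updates have to be confirmed on the device itself.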

People in the cyber security community have an unwritten rule: whenever a researcher finds a vulnerability in a product, they inform the manufacturer first and give them ample time to resolve it before making their research public. This is done so that the manufacturers can fix these issues and release updated software patches for the vulnerabilities.

Given how often we store a ton of personal data and vital information such as our PAN and Aadhaar data, as well as our banking and social media credentials, on our smartphones, these vulnerabilities can wreak havoc in a person’s life when a hacker gets access.
