The identified vulnerabilities could jeopardize the security of users’ sensitive information.
Apple, Samsung, and other smartphone manufacturers regularly release updates and security patches to fortify their devices against a range of threats and vulnerabilities. Despite these routine fixes, both iOS and Android platforms remain susceptible to malicious exploits. Recently, the Indian Computer Emergency Response Team (CERT-In) issued high-risk security alerts for users of Apple and Samsung devices, highlighting severe vulnerabilities in their products. The disclosed vulnerabilities pose a potential risk to users’ sensitive information.
In its advisory on December 15, CERT-In identified multiple vulnerabilities in Apple products, impacting iPhone, iPad, Mac, Apple TV, Apple Watch, and the Safari web browser. According to CERT-In, iOS versions prior to 17.2 and 16.7.3, macOS Sonoma versions prior to 14.2, macOS Ventura versions prior to 13.6.3, macOS Monterey versions prior to 12.7.2, tvOS versions prior to 17.2, watchOS versions prior to 10.2, and Safari versions prior to 17.2 are all exposed to high-risk vulnerabilities.
CERT-In stated, “Multiple vulnerabilities have been reported in Apple products which could allow an attacker to access sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service (DoS) conditions, bypass authentication, gain elevated privileges, and perform spoofing attacks on the targeted systems.”
Emphasizing the severity of the situation, CERT-In highlighted two specific vulnerabilities, CVE-2023-42916 and CVE-2023-42917, urging users to promptly update to the latest operating system patches to mitigate the risks.
Additionally, on December 13, CERT-In issued a vulnerability note for Samsung products, flagging high-risk threats on Android versions 11, 12, 13, and 14. These vulnerabilities could potentially allow attackers to bypass security restrictions, access sensitive user information, and execute arbitrary code on the targeted system. The risks include unauthorized access to the device’s SIM PIN and the ability to send a broadcast with elevated privilege. Samsung users are advised to update their devices to the latest OS version and apply the most recent security patch to guard against these threats.
Notably, in the preceding month, CERT-In had already cautioned users about multiple security vulnerabilities affecting older iPhone and iPad models. In an October vulnerability note (CIVN-2023-0303), CERT-In identified security flaws impacting iOS versions prior to 16.7.1 and iPadOS versions prior to 16.7.1, underscoring the importance of updating to the latest operating system versions to address these vulnerabilities.