Multiple high-severity bugs were reported in some versions of Apple’s iOS, iPadOS, and Safari browser. India’s Computer Emergency Response Team has released vulnerability notes recommending users update their devices with the latest versions with fixes.
(For insights on emerging themes at the intersection of technology, business and policy, subscribe to our tech newsletter Today’s Cache.)
iOS and iPadOS
Security bugs in iOS and iPadOS could allow remote attackers to gain access to sensitive information on devices, execute arbitrary code, cause denial of service conditions and perform spoofing of the interface on targeted systems.
These bugs exist due to improper security restrictions, bounds check, validation and memory handling in multiple software components.
Apple also shared details of a security bug that could allow apps to record audio using connected AirPods.
The bugs could be exploited by attackers by persuading victims to open specially crafted files or applications.
Security bugs affecting versions prior to iOS 16.0.3 and iPadOS 16 are being exploited in the wild.
Security bugs in Safari browser could allow attackers to spoof URLs, disclose sensitive information or execute arbitrary code on targeted systems.
The bugs have been found to exist due to improper handling of UI, type confusion and logic issue in Webkit components, and use after free problems in WebKit PDF components.
These security bugs can be exploited by attackers by executing a specially crafted application.
The bugs were found in Safari versions prior to 16.1 running on macOS Big Sur and macOS Monterey