CERT-In detects multiple threats with high severity in Apple’s macOS, iOS and iPadOS

CERT-In has detected multiple vulnerabilities with high severity in Apple’s macOS, iOS, and iPadOS that can be used to bypass security restrictions

August 01, 2022 03:37 pm | Updated August 02, 2022 01:40 pm IST

CERT-In has detected multiple threats with high severity in Apple’s macOS, iOS and iPadOS | Photo Credit: Reuters

In a report, CERT-In said that security vulnerabilities have been detected in the Apple operating systems that power MacBooks, iPhones, and iPads.

Vulnerabilities in macOS

The vulnerabilities have been found in Apple macOS Catalina prior to Security Update 2022-005, macOS Big Sur versions prior to 11.6.8, and macOS Monterey versions prior to 12.5.

These vulnerabilities can be exploited by a remote attacker to execute arbitrary code, bypass security restrictions, and cause denial of service on targeted systems. Attackers can reportedly exploit these vulnerabilities by persuading a victim to visit maliciously crafted web content, which lets them bypass security restrictions and execute arbitrary code.

According to CERT-In, the vulnerabilities exist due to out-of-bounds read in AppleScript, SMB and Kernel, and out-of-bounds write in Audio, ICU, PS Normalizer, GPU Drivers, SMB and WebKit.

Authorisation issues have been found in AppleMobileFileIntegrity, and information disclosure in the Calendar and iCloud Photo Library. Other reported vulnerabilities include logic issues in File System Events, PluginKit, Windows Server, and Automation, and memory corruption in Intel Graphics Driver, GPU Drivers, and SMB.

Issues in WebRTC, type confusion in multi-touch, and memory initialisation issues in libxml2 have also been found.

Vulnerabilities in iOS and iPadOS

Multiple vulnerabilities in Apple’s iOS and iPadOS with high severity have been found in versions prior to 15.6.

These vulnerabilities can be exploited by remote attackers to execute arbitrary code, bypass security restrictions, and cause denial of service on targeted systems. Remote attackers can exploit them by sending maliciously crafted web content to targeted systems.

In iOS and iPadOS, these vulnerabilities have been found to exist due to out-of-bounds write in Audio, GPU Drivers, ICU and WebKit, and buffer overflow in AppleAVD. 

Authorisation issues have been found in AppleMobileFileIntegrity, with logic issues reported in File System Events, Home, ImageIO, Kernel and PluginKit.

Other than these, memory corruption issues in GPU Drivers, IOMobileFrameBuffer and WebRTC; information disclosure in iCloud Photo Library; out-of-bounds read in ImageIO and Kernel; memory initialisation issues in libxml2; and type confusion in multi-touch have also been found.

These vulnerabilities, however, can be fixed by applying the available security patches for Apple software.
