ADVERTISEMENT

CERT-In detects multiple threats with high severity in Apple’s macOS, iOS and iPadOS

August 01, 2022 03:37 pm | Updated August 02, 2022 01:40 pm IST

CERT-In has detected multiple vulnerabilities with high severity in Apple’s macOS, iOS, and iPadOS that can be used to bypass security restrictions

CERT-In has detected multiple threats with high severity in Apple’s macOS, iOS and iPadOS | Photo Credit: Reuters

In a report, CERT-In shared, that security vulnerabilities have been detected in operating systems from Apple powering their MacBooks, iPhone, and iPads. 

(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)

Vulnerabilities in macOS

The vulnerabilities have been found in Apple macOS Catalina prior to 20022-005, macOS Big Sur versions prior to 11.6.8, and macOS Monterey versions prior to 12.5. 

These vulnerabilities can be exploited by a remote attacker to execute arbitrary code, bypass security restrictions, and cause denial of service on targeted systems. Attackers can reportedly exploit these vulnerabilities by persuading a victim to visit maliciously crafted web content to bypass security restriction and execute arbitrary code. 

According to CERT-In, the vulnerabilities exist due to out-of-bounds read in AppleScript, SMB and Kernel, out-of-bounds write in Audio, ICU, PS Normalizer, GU Drivers, SMB and WebKit. 

 Authorisation issues have been found in AppleMobileFileIntegrity; information disclosure in the Calendar and iCloud Photo Library. Other reported vulnerability includes logic issue in the File System Events, PluginKit, Windows Server, and Automation and memory corruption in Intel Graphics Driver, GPU Drivers, and SMB. 

In the WebRTC, type confusion in multi-touch and memory initialisation issues in libxmI2, have also been found. 

Vulnerabilities in iOS and iPadOS

Multiple vulnerabilities in Apple’s iOS and iPadOS with high severity have been found in versions prior to 15.6.

These vulnerabilities can be exploited by remote attackers to execute arbitrary code, bypass security restrictions, and cause denial of service on targeted systems. The vulnerabilities can be exploited by remote attackers by sending maliciously crafted web content on targeted systems.

In iOS and iPadOS, these vulnerabilities have been found to exist due to out-of-bounds write in Audio, GPU Drivers, ICU and WebKit, and buffer overflow in AppleAVD. 

Authorisation issues have been found in the AppleMobileFileIntegrity, with logic issues being reported in File System Events, Home, ImageIO and Kernel overflow in AppleAVD. 

Authorisation issues have also been reported in the Apple Mobile File Integrity with the logic issue in File System Events, Home, ImageIO, Kernel and PluginKit.

Other than these, memory corruption issues in GPU Drivers, IOMobileFrameBuffer and WebRTC; information disclosure in iCloud Photo Library; out-of-bounds read in ImageI0 and Kernel; memory initialization in libxmI2; type confusion in multi-touch have also been found.

These vulnerabilities, however, can be fixed by applying available security patches for Apple softwares.

ADVERTISEMENT

This is a Premium article available exclusively to our subscribers. To read 250+ such premium articles every month
You have exhausted your free article limit.
Please support quality journalism.
You have exhausted your free article limit.
Please support quality journalism.
The Hindu operates by its editorial values to provide you quality journalism.
This is your last free article.

ADVERTISEMENT