The alert has been issued for vulnerabilities in Apple’s operating systems including iPad OS and iOS, that can be exploited by remote attackers to execute arbitrary codes on targeted systems.
(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)
The threat alert from CERT-In noted that the vulnerability exists due to out-of-bounds write in kernel and WebKit components of the software. The vulnerability has been noted to be used by remote attackers by enticing victims to open specially crafted files.
Zoom, a video-calling app, in its security bulletin acknowledged that the vulnerabilities in Apple’s software and its auto update process could be exploited by attackers to escalate their privileges to root files in Mac OS, thereby compromising the security of the affected systems.
In Apple’s kernel process, the vulnerability, according to information on its website, can allow an application to execute arbitrary code with kernel privileges. In the WebKit the vulnerability was found to be used by processing maliciously crafted web content that could lead to arbitrary code execution.
In iOS and iPad OS the vulnerabilities were found to affect versions 15.6.1. “Apple is aware of a report that this issue may have been actively exploited”, the company stated in its website.
Both Apple and Zoom have advised users to update to their latest security patches to fix the vulnerability.
CERT-In, earlier this month, had also released alerts for high severity vulnerabilities in Mac OS, iPad OS, and iOS that could have been exploited by attackers to execute arbitrary code and bypass security restrictions on affected devices.
