- CERT-In detects multiple vulnerabilities in Apple’s macOS, iOS, and iPadOS that can be used to bypass security restrictions.
- Authorization issues in the iCloud Photo Library and Calendar have also been found.
- Apple has recently released security updates that address these vulnerabilities.
The Indian Computer Emergency Response Team, CERT-In, reported multiple vulnerabilities in Apple macOS. According to CERT-In, remote attackers could exploit these vulnerabilities to execute arbitrary code (that is, run any commands or code of their choosing), cause a denial of service, and bypass security restrictions.
The vulnerabilities have been found in macOS Big Sur versions before 11.6.8, macOS Catalina before Security Update 2022-005, and macOS Monterey versions before 12.5.
As per CERT-In, remote attackers can exploit these vulnerabilities by leading the victim to visit compromised or maliciously crafted web content, allowing them to execute arbitrary code and bypass security restrictions.
Why do these vulnerabilities exist?
According to CERT-In, these vulnerabilities exist due to an out-of-bounds read in AppleScript, affecting an unspecified part of the AppleScript component. Besides this, issues exist in SMB (used for sharing files over the network), the Kernel, GPU Drivers, and WebKit.
Authorization issues and information disclosure in the iCloud Photo Library and Calendar have also been found.
Vulnerabilities in iPadOS and iOS
Multiple vulnerabilities have also been found in Apple’s iOS and iPadOS versions before 15.6. As with macOS, a remote attacker can exploit these vulnerabilities to bypass security restrictions and cause a denial of service. To do so, the attacker leads the user to maliciously crafted web content.
The vulnerabilities and security threats are very similar to those in macOS: authorization issues have been found in Home, ImageIO, Kernel, and PluginKit. Besides this, issues in GPU drivers, memory corruption, and information disclosure in iCloud Photo Library have also been found.
What can you do?
To address these vulnerabilities and issues, Apple has released security updates for iOS and iPadOS, together with macOS 12.5, tvOS 15.6, and watchOS 8.7.
Remember, once you have installed these security updates, you cannot downgrade to the previous version.