Vulnerability in Safari, iOS 16.1 could let hackers steal users’ sensitive data, says Cert-In
<img src="” title=”Vulnerability in Safari, iOS 16.1 could let hackers steal users’ sensitive data, says Cert-In” />
India’s cyber-security team, Cert-In (Indian Computer Emergency Response Team) has cautioned Apple device owners about vulnerabilities in Apple’s web browser, Safari, and iOS 16.1 that can lead malicious attackers to steal users’ sensitive information.
Vulnerability affecting Apple iOS and iPad OS
Describing the vulnerability, Cert-In in a press release said that multiple vulnerabilities have been reported in Apple’s iOS and iPadOS that could allow a remote attacker to gain access to ‘sensitive information, execute arbitrary code, and lodge a DoDs attack on the targeted device.
“These vulnerabilities exist in Apple iOS and iPadOS due to improper security restrictions in AppleMobileFileIntegrity component; improper bounds check in AVEVideoEncoder component; improper validation in CFNetwork component; improper entitlement in core Bluetooth component, improper memory handling in GPU drivers component; memory corruption issue in IOHIDFamily wrote issue in kernel component; use after free use, improper memory handling and race condition issue in PPP component; and logic issue in website component; use-after-free error in WebKit PDF component; improper input validation in Mail component,” Cert-In wrote.
The cyber security agency also said this vulnerability is being exploited in the wild and that it could be exploited by an attacker simply by persuading the victim to open a specially crafted file or app.
Affected devices and OS versions: It is affecting all iPadOS versions prior to iPadOS 16 and iOS versions prior to iOS 16.0.3. List of affected devices includes iPhone 8 and later, all iPad Pro models, third-gen iPad Air and later, and fifth-gen iPad Mini and later.
How to safeguard yourself: To safeguard themselves from this vulnerability, iPhone users need to download iOS 16.0.3 and iPadOS 16 or newer on their devices.
Vulnerability affecting Safari web browser
Talking about the vulnerability, the cyber-security agency said that successful exploitation of these vulnerabilities could allow the attacker to spoof URLs, disclose sensitive information or execute arbitrary code on the targeted system.
“These vulnerabilities exist in Apple Safari for macOS Big Sur and macOS Monterey due to improper UI handling, type confusion issue and logic issue in the WebKit component; use after free issue in the webkit PDF component,” Cert-In added.
These vulnerabilities are affecting all Safari versions prior to 16.1. Apple device owners can download the latest version of Apple’s web browser to safeguard themselves.
The post Vulnerability in Safari, iOS 16.1 could let hackers steal users’ sensitive data, says Cert-In appeared first on BGR India.
<img src="" title="Vulnerability in Safari, iOS 16.1 could let hackers steal users’ sensitive data, says Cert-In" />
India’s cyber-security team, Cert-In (Indian Computer Emergency Response Team) has cautioned Apple device owners about vulnerabilities in Apple’s web browser, Safari, and iOS 16.1 that can lead malicious attackers to steal users’ sensitive information.
Vulnerability affecting Apple iOS and iPad OS
Describing the vulnerability, Cert-In in a press release said that multiple vulnerabilities have been reported in Apple’s iOS and iPadOS that could allow a remote attacker to gain access to ‘sensitive information, execute arbitrary code, and lodge a DoDs attack on the targeted device.
“These vulnerabilities exist in Apple iOS and iPadOS due to improper security restrictions in AppleMobileFileIntegrity component; improper bounds check in AVEVideoEncoder component; improper validation in CFNetwork component; improper entitlement in core Bluetooth component, improper memory handling in GPU drivers component; memory corruption issue in IOHIDFamily wrote issue in kernel component; use after free use, improper memory handling and race condition issue in PPP component; and logic issue in website component; use-after-free error in WebKit PDF component; improper input validation in Mail component,” Cert-In wrote.
The cyber security agency also said this vulnerability is being exploited in the wild and that it could be exploited by an attacker simply by persuading the victim to open a specially crafted file or app.
Affected devices and OS versions: It is affecting all iPadOS versions prior to iPadOS 16 and iOS versions prior to iOS 16.0.3. List of affected devices includes iPhone 8 and later, all iPad Pro models, third-gen iPad Air and later, and fifth-gen iPad Mini and later.
How to safeguard yourself: To safeguard themselves from this vulnerability, iPhone users need to download iOS 16.0.3 and iPadOS 16 or newer on their devices.
Vulnerability affecting Safari web browser
Talking about the vulnerability, the cyber-security agency said that successful exploitation of these vulnerabilities could allow the attacker to spoof URLs, disclose sensitive information or execute arbitrary code on the targeted system.
“These vulnerabilities exist in Apple Safari for macOS Big Sur and macOS Monterey due to improper UI handling, type confusion issue and logic issue in the WebKit component; use after free issue in the webkit PDF component,” Cert-In added.
These vulnerabilities are affecting all Safari versions prior to 16.1. Apple device owners can download the latest version of Apple’s web browser to safeguard themselves.
The post Vulnerability in Safari, iOS 16.1 could let hackers steal users’ sensitive data, says Cert-In appeared first on BGR India.
<img src="” title=”Vulnerability in Safari, iOS 16.1 could let hackers steal users’ sensitive data, says Cert-In” />
India’s cyber-security team, Cert-In (Indian Computer Emergency Response Team) has cautioned Apple device owners about vulnerabilities in Apple’s web browser, Safari, and iOS 16.1 that can lead malicious attackers to steal users’ sensitive information.
Vulnerability affecting Apple iOS and iPad OS
Describing the vulnerability, Cert-In in a press release said that multiple vulnerabilities have been reported in Apple’s iOS and iPadOS that could allow a remote attacker to gain access to ‘sensitive information, execute arbitrary code, and lodge a DoDs attack on the targeted device.
“These vulnerabilities exist in Apple iOS and iPadOS due to improper security restrictions in AppleMobileFileIntegrity component; improper bounds check in AVEVideoEncoder component; improper validation in CFNetwork component; improper entitlement in core Bluetooth component, improper memory handling in GPU drivers component; memory corruption issue in IOHIDFamily wrote issue in kernel component; use after free use, improper memory handling and race condition issue in PPP component; and logic issue in website component; use-after-free error in WebKit PDF component; improper input validation in Mail component,” Cert-In wrote.
The cyber security agency also said this vulnerability is being exploited in the wild and that it could be exploited by an attacker simply by persuading the victim to open a specially crafted file or app.
Affected devices and OS versions: It is affecting all iPadOS versions prior to iPadOS 16 and iOS versions prior to iOS 16.0.3. List of affected devices includes iPhone 8 and later, all iPad Pro models, third-gen iPad Air and later, and fifth-gen iPad Mini and later.
How to safeguard yourself: To safeguard themselves from this vulnerability, iPhone users need to download iOS 16.0.3 and iPadOS 16 or newer on their devices.
Vulnerability affecting Safari web browser
Talking about the vulnerability, the cyber-security agency said that successful exploitation of these vulnerabilities could allow the attacker to spoof URLs, disclose sensitive information or execute arbitrary code on the targeted system.
“These vulnerabilities exist in Apple Safari for macOS Big Sur and macOS Monterey due to improper UI handling, type confusion issue and logic issue in the WebKit component; use after free issue in the webkit PDF component,” Cert-In added.
These vulnerabilities are affecting all Safari versions prior to 16.1. Apple device owners can download the latest version of Apple’s web browser to safeguard themselves.
The post Vulnerability in Safari, iOS 16.1 could let hackers steal users’ sensitive data, says Cert-In appeared first on BGR India.
