The Indian Computer Emergency Response Team (CERT-In) has warned of multiple vulnerabilities in Apple’s iPhone and iPad. The vulnerability could allow a remote attacker to gain access to sensitive information, execute arbitrary code, copy the interface address, or deny service conditions on the targeted device. 

The government agency advised users to apply necessary software updates as mentioned in the Apple Security updates.

As per the CERT-In advisory, Apple iOS 16.1, Apple iOS versions prior to 16.0.3 and iPadOS versions before 16 are affected by the vulnerability – CVE-2022-42827. Other devices impacted include Apple iPhone 8 and later, iPad Pro Call models), iPad Air 3rd generation , iPad 5th generation and later, and iPad mini 5th generation and later.

Reasons why vulnerabilities exist in Apple iOS and iPadOS include

  • Improper security restrictions in AppleMobileFileIntegrity component
  • Improper bounds check in Avevideoencoder component; Improper validation in CrNetwork component
  • Improper entitlement in Core Bluetooth component
  • Improper memory handling in GPU Drivers component
  • Memory corruption issue in the IOHIDFamily component
  • Improper security restrictions and Improper path validation in the Sandbox component
  • Improper UI handling, Type confusion and Logic issues in the Webkit component