Govt warns of critical bug in Apple devices that can let hackers steal user data: How to protect

Indian government's cyber security wing, the Indian Computer Emergency Response Team (CERT-In), has issued an advisory warning Apple device owners in the country of two high-risk vulnerabilities that can lead to user data getting hacked.

In its advisory, CERT-In said that these vulnerabilities can be exploited by attackers to execute a malicious code or perform XSS attacks on the targeted system. For the unversed, XSS attacks stands for Cross Site Scripting attack. In such attacks, a hacker uses a web app to send a malicious code that will execute only when the targeted user loads the website.

"Two vulnerabilities were reported in Apple products, which could be exploited by an attacker to execute arbitrary code or perform XSS attacks on the affected device," CERT-In wrote in its advisory.

"Potential for unauthorised access to sensitive user information, denial of service (DoS) and data manipulation," the organisation. This means that hackers can also use these vulnerabilities to make the targeted system unavailable to the user and manipulate its data.

Apple vulnerabilities: What are the vulnerabilities and how do they impact Apple devices?

The first issue -- CVE-2024-44308 -- exists in a system component called JavaScriptCore, which is used by Safari and other apps. This bug can be used by an attacker to execute an arbitrary code or an infected piece of code on the targeted Apple device, which can lead to security issues and potential cyber attacks.

The second issue -- CVE-2024-44309 -- exists in a component called WebKit, which according to CERT-In powers Safari and web content on Apple devices. This issue can be exploited by an attacker to trigger XSS attack on the targeted device.

Apple vulnerabilities: Who is affected by these vulnerabilities?

As per the details shared by India's cyber security agency, iPhones and iPads running OS versions prior to 18.1.1, Macs running on macOS Sequoia versions prior to 15.1.1, and Apple Vision Pro running versions prior to 2.1.1 are affected by these vulnerabilities.

Apple vulnerabilities: How can Apple device owners protect themselves?

Apple device owners can protect themselves by downloading the latest versions of iOS, iPadOS or macOS on their devices. Here's a step-by-step guide for the same:

How to update iPhone or iPad

Step 1: Open the Settings app on your device.

Step 2: Tap the General Settings option.

Step 3: Tap the Software Update option.

Step 4: Tap Update Now button.

How to update Mac

Step 1: Click on the Apple Menu.

Step 2: Click on System Settings.

Step 3: Click on the General option.

Step 4: Lastly, Click on the Software Update option.