CERT-In Alerts Apple Users to Critical Security Vulnerabilities

CERT-In Issues Warning Over Critical Security Vulnerabilities in Apple Devices

The Indian Computer Emergency Response Team (CERT-In) has issued a significant security alert for Apple users following the discovery of multiple vulnerabilities in several Apple devices, including iPads, Macs, and iPhones. The warning, which was issued this week, highlights potential risks within the operating systems that power a wide range of Apple products. If exploited, these vulnerabilities could lead to unauthorized access to sensitive information, allowing attackers to compromise systems and perform a variety of malicious actions.

Security Risks in Apple Products

In its advisory dated January 28, CERT-In detailed several high-risk vulnerabilities that affect a wide range of Apple products. The flaws could allow attackers to execute arbitrary code, bypass security measures, manipulate data, and even escalate privileges on affected devices. Specific risks include denial of service (DoS) conditions, bypassing authentication protocols, and executing spoofing attacks. These vulnerabilities could significantly impact the privacy and functionality of the devices.

Affected Versions and Devices

The advisory identifies a number of Apple products that are susceptible to these vulnerabilities. The list includes several versions of macOS, including macOS Sequoia (prior to 15.3), macOS Sonoma (prior to 14.7.3), and macOS Ventura (prior to 13.7.3). Additionally, iPadOS (prior to 17.7.4), iOS, tvOS, and visionOS (prior to 18.3) are all impacted by these flaws. Apple’s Safari browser and watchOS (prior to 11.3) are also affected. CERT-In rates these vulnerabilities as “high risk,” urging Apple users to take immediate action to safeguard their devices.

Root Causes and Exploited Vulnerabilities

The vulnerabilities have been traced back to several technical issues such as null pointer dereference, type confusion errors, and use-after-free errors. Other issues include problems related to file handling, input validation, and the handling of user-sensitive data. Of particular concern is CVE-2025-24085, a critical vulnerability that is actively being exploited in the wild. This flaw affects devices running older versions of iOS, iPadOS, and macOS, making it especially important for users of older devices to update their software.

CERT-In’s Recommendations

To mitigate these risks, CERT-In strongly advises all Apple users to update their devices to the latest software versions. This follows a recent release from Apple, which issued an update aimed at patching many of these vulnerabilities. Apple has taken steps to address these issues, but it’s crucial that users stay proactive by applying security updates promptly. This advisory serves as a reminder of the importance of keeping devices up to date to prevent potential breaches and data compromises.

Report Warns of Side Channel Exploits Targeting Recent iPhone and Mac Models, Threatening Sensitive Data

Security researchers have identified a new set of vulnerabilities in Apple’s A and M-series Silicon chipsets, potentially exposing recent iPhones, iPads, and Macs to side-channel exploitation. According to a report, these vulnerabilities allow threat actors to access sensitive memory contents, including private data from applications like Google Maps and iCloud Calendar, which would typically be off-limits. Alarmingly, even the latest iPhone 16 models and M4-powered Macs are at risk, suggesting a widespread security concern for Apple’s ecosystem.

Apple Devices at Risk

A report by Ars Technica highlights that a wide range of Apple devices could be vulnerable to these exploits. Affected models include:

  • All MacBook models from 2022 onward
  • All iMac models from 2023 onward
  • All iPad Pro, Air, and Mini models from September 2021 onward
  • All iPhone models from September 2021 onward

This broad exposure means millions of Apple users could be at risk, especially those relying on these devices for sensitive tasks such as online banking, document storage, and location-based services.

How the Vulnerability Works

The vulnerability stems from an optimization technique in Apple’s Silicon chips known as speculative execution, which predicts and executes instructions ahead of time to improve processing speed. However, researchers have identified two types of side-channel attacks that exploit this mechanism. The more dangerous of the two, dubbed Floating-Point Operations (FLOP), manipulates the Load Value Predictor (LVP)—a component designed to predict memory contents—to trick the CPU into accessing restricted memory. This allows attackers to steal sensitive information from a user’s browser, such as Google Maps location history or events stored in iCloud Calendar. The attack is particularly effective if a victim has Gmail or iCloud open in one browser tab while visiting a malicious website in another for around five to ten minutes.

The Security Implications

Security experts warn that this exploit could bypass critical memory safety checks, making unauthorized data access easier. “If the LVP guesses wrong, the CPU can perform arbitrary computations on incorrect data under speculative execution. This can cause critical checks in program logic for memory safety to be bypassed, opening attack surfaces for leaking secrets stored in memory,” the researchers stated. Given the severity of the issue, Apple is expected to address these vulnerabilities in upcoming software updates or possibly future hardware revisions. Until then, users should be cautious about their browsing habits and avoid keeping sensitive applications open while navigating untrusted websites.

Apple Shares Rise After Positive Sales Outlook Signals iPhone Recovery

Apple’s executives projected relatively strong sales growth, indicating the company’s recovery from a dip in iPhone sales as it begins to roll out artificial intelligence (AI) features. After a slight decline in iPhone revenue during the holiday shopping quarter, which fell short of Wall Street estimates, Apple has made progress in its AI efforts, and investors are optimistic about the future. Tim Cook, Apple’s CEO, stated that these AI features will be available to more users in Europe this spring, leading to a 3.14% increase in shares during after-market trading.

Apple has adopted a more measured approach to AI compared to rivals like Microsoft, focusing on integrating AI features into its hardware rather than investing heavily in massive data centers. This strategy paid off when DeepSeek, a Chinese AI startup, introduced free AI technology that triggered fears of price wars, ultimately benefiting Apple as it helped boost its stock price.

While AI adoption has been slow, Apple saw stronger-than-expected sales in other product categories. The fiscal first quarter of 2024 showed a boost in sales for iPads and Macs, where new chips encouraged customers to upgrade. Apple’s fiscal second-quarter outlook remains positive, with expected sales growth in the low-to-mid single-digit range.

In the most recent quarter, iPhone sales slightly dropped to $69.14 billion, missing analysts’ expectations of $71.03 billion. Sales in Greater China also decreased, bringing in $18.51 billion, below the expected $21.33 billion. However, Apple’s total sales of $124.30 billion exceeded Wall Street’s expectations of $124.12 billion, with earnings per share of $2.40 surpassing the consensus target of $2.35.

Apple has positioned AI as a set of new features, such as drafting emails and transcribing phone calls, but is gradually rolling them out. Tim Cook stated that markets where Apple Intelligence has been launched have seen stronger iPhone 16 family sales compared to those without it. While the AI features are expected to roll out in French and German in April, there is no timeline for availability in China due to regulatory concerns.

Mac sales benefitted from new models, including Mac Minis, iMacs, and MacBook Pros with the new M4 chip. The availability of Apple Intelligence on Macs and iPads, which have more powerful chips, has been a driving factor for upgrades. Apple’s services business, including iCloud, streaming, and other services, saw a 13.9% year-over-year increase, reaching $26.34 billion.

Despite criticism over the slow rollout of AI features, Apple’s services growth and ecosystem expansion are helping offset iPhone struggles, particularly in China. The wearables segment, including the Apple Watch and AirPods, posted $11.75 billion in sales, slightly below analysts’ expectations of $12.01 billion.