iPhone breach: India’s CERT had alerted first in Jun, Apple advisory nothing new

| Updated: 31 October, 2023 4:12 pm IST

NEW DELHI: Amid the ongoing controversy in India, where opposition leaders have raised concerns about alleged government-sponsored phone surveillance, it has come to light that India’s nodal agency for cybersecurity, the Computer Emergency Response Team (CERT-In), had issued a security warning for iPhone users in the country back in June 2023.

The alert specifically focused on vulnerabilities in iPhones that could be exploited by hackers. CERT-In, operating under the Ministry of Electronics and Information Technology to address cybersecurity threats, provided early warning to users, cautioning that if these vulnerabilities were not addressed, hackers might gain full control of users’ devices.

CERT-In identified weaknesses in Apple’s iOS and iPadOS, particularly relating to “improper state management” in WebKit and “improper input validation” in the Kernel. These issues could potentially be leveraged by hackers to execute their own code on targeted devices, potentially granting them complete control. Due to the gravity of these vulnerabilities, CERT-In categorised its warning as having a “high severity level.”

Interestingly, similar threat notifications were also received by iPhone users in approximately 150 countries, and several political leaders in Uganda reported receiving similar messages on their phones. Even Armenian-based journalists found themselves on the receiving end of such notifications.

Several prominent opposition leaders in India, including Shiv Sena (UBT) MP Priyanka Chaturvedi, TMC MP Mahua Moitra, AAP MP Raghav Chadha, and Congress MP Shashi Tharoor, shared screenshots of the messages they received.

Congress leader Rahul Gandhi, responding to the allegations of phone tapping, challenged Centre by stating, “Do as much phone tapping as possible; you can take my phone. I am not scared. This is the work of criminals and thieves.”

In response to the allegations made by opposition leaders, Apple issued a statement clarifying that it does not attribute the threat notifications to any specific state-sponsored attacker.

It’s worth noting that back in August 2022, Apple had advised its users to immediately update their iPhones, iPads, and Macs to protect against a pair of security vulnerabilities that could allow attackers to take complete control of their devices.

Also Read Story

TRENDING: British Indian tourist shifts to Vietnam over poor infra, dump; 3rd case after Korean vlogger, Japanese woman

Indian Navy inducts two advanced warships: Surat, Nilgiri

Crime Branch is mulling to summon Rahul Gandhi as accused

Why 12-15 times “Tere Bin” was used in Wazir song: Music composer Shantanu Moitra tells Rohan Dua