Apple’s Zero-Day Vulnerabilities: A Wake-Up Call for Indian Users

These vulnerabilities impacted Apple’s entire ecosystem, including iOS, iPadOS, macOS, visionOS, and the Safari web browser

By Entrepreneur Staff | Nov 25, 2024

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

A common misconception among Apple product users is that these devices are immune to cyber threats. However, the recent discovery of zero-day vulnerabilities has been an eye-opener—especially for Indian users. Last week, Google’s Threat Analysis Group (TAG) uncovered these vulnerabilities and promptly reported them to Apple. Following this, Apple released patches for two zero-day vulnerabilities that had already been exploited by malicious actors, though the scale of exploitation remains unclear. These vulnerabilities impacted Apple’s entire ecosystem, including iOS, iPadOS, macOS, visionOS, and the Safari web browser.

The Indian Computer Emergency Response Team (CERT-In) also issued an advisory classifying these vulnerabilities as “high risk.” The agency warned that the flaws could allow unauthorized access to sensitive credentials and enable cyberattacks, including denial-of-service attacks and manipulation of data, among others. The advisory also noted that “Intel-based Mac systems” were particularly susceptible to exploitation.

The term “zero-day” refers to software flaws that are either unknown to the software maker or remain unpatched before hackers exploit them. The two vulnerabilities are tracked as CVE-2024-44308, a JavaScriptCore vulnerability enabling arbitrary code execution, and CVE-2024-44309, a WebKit cookie management flaw facilitating cross-site scripting (XSS). They allow attackers to inject malicious scripts into web pages, impersonate users, steal sensitive data, and perform unauthorized actions on behalf of victims.

“These attacks demonstrate the ever-evolving nature of cyber threats. They affect individuals and businesses alike. For Indian companies using Apple products, it’s crucial to identify and fix these issues quickly. Zero-day exploits grant attackers access to sensitive data, disrupt operations, and invade privacy if left unaddressed,” says Pankit Desai, co-founder of Sequretek.

Desai emphasizes the importance of proactive cybersecurity measures: “As consumers, we face similar risks. Our increasing reliance on digital platforms for personal and financial activities makes us vulnerable to data breaches and identity theft if updates are not installed promptly.”

He further highlights the need for timely software updates, stating, “This serves as a reminder for everyone to prioritize cybersecurity. Keeping systems and applications updated is essential to guard against the constantly changing threat landscape.”

These vulnerabilities challenge the perception of Apple’s immunity to cyber threats and underscore the importance of cybersecurity hygiene.
