Center Warning to Apple
Days before Apple warned some users, including opposition MPs in India, of “state-sponsored attackers” trying to remotely compromise their devices, a government advisory addressed “multiple vulnerabilities” in the company’s products, giving them a “high” severity rating. According to the Computer Emergency Research Team (CERT), the advisory was initially issued on October 27, just four days before screenshots were shared on social media platforms of messages and emails from Apple that said, “ALERT: State-sponsored attackers may be targeting your iPhone.”
The advisory identified vulnerable versions of Apple’s operating systems, including iOS, iPadOS, macOS Sonoma, Ventura, and Monterey, as well as Safari, tvOS, and watchOS systems. It mentioned that these vulnerabilities could potentially allow attackers to access sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service (DoS) conditions, bypass authentication, gain elevated privileges, and perform spoofing attacks on the targeted systems.
Also Read: Chawls which once Shaped Mumbai’s ‘City of Dreams’, Now Making Way for Skyscrapers
To address these vulnerabilities, the advisory linked to nine Apple software updates and provided technical support pages for further information about the company’s operating systems. However, it’s worth noting that the advisory came with a disclaimer that the information was provided “as is” and without warranty.
On Tuesday, several opposition MPs in India, including Shashi Tharoor of the Congress, Priyanka Chaturvedi of the Shiv Sena (UBT), and Mahua Moitra of the Trinamool, reported receiving messages from Apple warning them of “state-sponsored attackers” attempting to access their iPhones remotely and illegally.
Also Read: Mahua Moitra to attend Lok Sabha’s ethics committee, promises to demolish the case
Apple stated that “it is possible some threat notifications may be false alarms” and that it relies on often imperfect and incomplete threat intelligence signals to detect potential hacking attempts. In response, IT Minister Ashwini Vaishnaw has ordered a detailed inquiry into Apple’s warning messages, emphasizing the government’s commitment to protecting the privacy and security of its citizens. The junior IT Minister, Rajeev Chandrasekhar, mentioned that Apple users in other countries also received similar notifications and called on the company to provide an explanation if its products had indeed been compromised.
Furthermore, sources have indicated that the IT Ministry will write to Apple regarding the use of the term “state-sponsored” attackers in its notifications. This controversy over Apple’s “threat notifications” has emerged just days before polls in five Indian states and months ahead of the 2024 Lok Sabha election, drawing immediate comparisons to the 2021 Pegasus spyware scandal, in which allegations arose about the government spying on opposition leaders and critics. The government, however, strongly denied these charges.
