Before "Threat" Message, Centre's "High Severity" Warning Against Apple

Apple has said "it is possible some threat notifications may be false alarms", and that it "relies on often imperfect intelligence signals" to detect potential hacking attempts.

Before 'Threat' Message, Centre's 'High Severity' Warning Against Apple

Apple sent "threat notifications" to several people, prompting a political row in India (File).

New Delhi:

Days before Apple warned some users, including opposition MPs in India, of "state-sponsored attackers" trying to remotely compromise their devices, a government advisory had addressed "multiple vulnerabilities" in the company's products and issued a "high" severity rating.

According to the Computer Emergency Research Team, or CERT, the advisory was first issued on October 27 - four days before screenshots were shared on X, formerly Twitter, of messages and/emails from Apple that said "ALERT: State-sponsored attackers may be targeting your iPhone".

Among other iterations of Apple's operating systems, the advisory identified iOS and iPadOS versions "prior to 17.1", and macOS Sonoma versions "prior to 14.1", Ventura versions "prior to 13.6.1", and Monterey versions "prior to 12.7.1" as being vulnerable to hackers. It also singled out Safari (Apple's internet browser) versions "prior to 17.1", and the company's tvOS and watchOS systems.

"Multiple vulnerabilities have been reported in Apple products, which could allow an attacker to access sensitive information, execute arbitrary code, bypass security restrictions, cause DoS conditions, bypass authentication, gain elevated privileges and perform spoofing attacks on the targeted system."

The advisory linked to nine Apple software updates to fix these vulnerabilities, as well as to technical support pages for more information about the technology giant's operating systems.

CERT also noted "the information provided... is on 'as is' basis... without warranty..."

On Tuesday, opposition MPs like Shashi Tharoor of the Congress, the Shiv Sena (UBT)'s Priyanka Chaturvedi, and Mahua Moitra of the Trinamool, said they had received messages from Apple warning them of "state-sponsored attackers" trying to remotely and illegally access their iPhones.

Apple said "it is possible some threat notifications may be false alarms", and that it "relies on often imperfect and incomplete threat intelligence signals" to detect potential hacking attempts.

IT Minister Ashwini Vaishnaw has ordered a detailed inquiry into Apple's warning messages.

READ | "Apple Advisory In 150 Nations": Centre On Opposition's Hacking Attempt Charge

He said the government "takes its role of protecting privacy and security of all citizens very seriously". "... (we) will investigate... have also asked Apple to join the investigation..."

Junior IT Minister, Rajeev Chandrasekhar, told NDTV Apple users in other countries also received notifications, and called on the company to "explain" if its products had indeed been compromised.

READ |Exclusive: "Apple Must Say If Devices Secure," Says Minister On 'Hacking' Row

Meanwhile, sources have told NDTV the IT Ministry will write to Apple about use of the term "state-sponsored" attackers in its notifications.

The row over Apple's "threat notifications" comes days before polls in five states and months before the 2024 Lok Sabha election, and drew immediate comparisons to the 2021 Pegasus spyware scandal, in which it was alleged the government was spying on opposition leaders and critics.

The government strongly denied all such charges.

NDTV is now available on WhatsApp channels. Click on the link to get all the latest updates from NDTV on your chat.