India’s national cyber response agency, Indian Computer Emergency Response Team (CERT-In), has issued a high-severity alert warning users of critical security vulnerabilities affecting Apple’s iOS, iPadOS and several other operating systems. The flaws, CERT-In said, could expose users’ sensitive data and privacy to serious risks if left unpatched.
In its advisory, CERT-In cautioned that the identified weaknesses could allow an attacker to execute arbitrary code, gain elevated privileges, access confidential information, bypass security restrictions, or even disrupt services on targeted devices.
What CERT-In Said
According to the agency, successful exploitation of these vulnerabilities may result in:
- Unauthorised access to sensitive user data
- Compromise of the entire device
- Data manipulation and spoofing attacks
- Memory corruption and service disruption
“These vulnerabilities pose a significant risk to Apple users, as threat actors could exploit them remotely or locally, depending on the flaw,” CERT-In said.
Devices and Versions Affected
CERT-In noted that the vulnerabilities impact multiple Apple platforms, including:
- iOS and iPadOS versions prior to 26.2 and 18.7.3
- Certain versions of macOS Tahoe, Sequoia and Sonoma
- Select builds of tvOS, watchOS, visionOS, and Safari
Users running older or unpatched versions of these operating systems may be particularly vulnerable.
Apple Yet to Respond
Apple did not respond to queries seeking clarification on the CERT-In advisory at the time of publication. The agency, which functions under the Ministry of Electronics and Information Technology (MeitY), is the nodal body for handling cybersecurity incidents and issuing digital safety advisories in India.
Pattern of Repeated Alerts in 2025
CERT-In has issued multiple advisories this year—in January, February, August, September, and November—warning users about security gaps in Apple’s ecosystem, including iOS, iPadOS, macOS, tvOS and watchOS.
Earlier this year, in April and again in December, Apple also sent threat notifications to users worldwide, including some in India, cautioning them about potential spyware attacks aimed at gaining remote access to devices.
What Users Should Do
Cybersecurity experts advise Apple users to:
- Update devices immediately to the latest available software versions
- Enable automatic security updates
- Avoid installing apps from unverified sources
- Be cautious of suspicious links, messages or email attachments
CERT-In has reiterated that timely patching remains the most effective defence against exploitation of known vulnerabilities.
With Apple devices widely used across personal, enterprise and government environments, the advisory underscores the growing importance of software hygiene and prompt updates in an era of increasingly sophisticated cyber threats.
