Apple Device Vulnerabilities: A High-Severity Alert from CERT-In
Apple device users should pay attention to the recent high-severity alert issued by India’s cyber security authority, CERT-In. This warning highlights multiple security vulnerabilities that may put billions of iPhones, iPads, Macs, Apple Watches, and other Apple products at risk of cyberattacks.
Affected Devices
The identified vulnerabilities affect several of Apple’s main platforms, including iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. The specific versions that are vulnerable include:
- iPhones operating on iOS versions earlier than 18.6
- iPads running on iPadOS versions prior to 17.7.9 and 18.6
- Macs using macOS versions older than Sequoia 15.6, Sonoma 14.7.7, or Ventura 13.7.7
- Apple Watches with watchOS versions earlier than 11.6
- Apple TV and Vision Pro devices using tvOS or visionOS before versions 18.6 and 2.6 respectively
CERT-In stresses that users still on these outdated versions are particularly vulnerable, both within India and worldwide.
What’s the Risk?
The advisory details several severe vulnerabilities that, if exploited by cybercriminals, could enable unauthorized access, execution of arbitrary code, theft or alteration of sensitive data, privilege escalation, or denial-of-service (DoS) incidents.
These vulnerabilities arise from various technical issues, such as type confusion, integer overflows, buffer overflows, race conditions, logic errors, memory mismanagement, and improper privilege handling. Attackers may exploit these flaws by sending specially crafted files or requests to the targeted devices.
CERT-In classifies the overall risk level as high, particularly for businesses that rely on Apple devices for their everyday functions. The advisory also warns of potential data breaches, operational disruptions, and damage to reputation if a successful attack occurs.
What Should Users Do?
Apple has released security updates that rectify these vulnerabilities across its platforms. CERT-In strongly advises all users to promptly install the latest software updates. These updates can be found in device settings or through Apple’s official support website.
In addition to applying patches, users are encouraged to maintain good cyber hygiene by:
- Avoiding unverified applications
- Refraining from clicking on suspicious links
- Monitoring for unusual device behaviour
- Keeping software updated regularly
Organizations should ensure that IT departments are promptly applying these patches across all Apple-based systems to mitigate risks.
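For IT teams auditing a fleet, the following added example (not part of the CERT-In advisory or Apple's tooling) flags inventory entries that are below the fixed versions listed above. It assumes the iPadOS and macOS thresholds apply per major-version branch, that any major version older than every listed branch is unpatched, and the inventory rows and host names are constructed.

```python
# Fixed releases as listed under "Affected Devices": major version -> first patched build.
FIXED = {
    "iOS": {18: "18.6"},
    "iPadOS": {17: "17.7.9", 18: "18.6"},
    "macOS": {13: "13.7.7", 14: "14.7.7", 15: "15.6"},
    "watchOS": {11: "11.6"},
    "tvOS": {18: "18.6"},
    "visionOS": {2: "2.6"},
}

def parse_version(text):
    """Turn '17.7.9' into (17, 7, 9); pad so '18.6' compares equal to '18.6.0'."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def needs_update(platform, version):
    """Return True if the version is below the fixed release for its branch."""
    branches = FIXED.get(platform)
    if branches is None:
        raise ValueError(f"platform not covered by the advisory: {platform}")
    current = parse_version(version)
    fixed = branches.get(current[0])
    if fixed is not None:
        # Same major branch: compare against that branch's patched release.
        return current < parse_version(fixed)
    # Assumption: a major older than every listed branch has no fix and is flagged;
    # a major newer than every listed branch is treated as already patched.
    return current[0] < max(branches)

# Constructed sample inventory: (host, platform, reported OS version).
INVENTORY = [
    ("ceo-iphone", "iOS", "18.5"),
    ("kiosk-ipad", "iPadOS", "17.7.9"),
    ("lab-ipad", "iPadOS", "18.5"),
    ("build-mac", "macOS", "14.7.6"),
    ("design-mac", "macOS", "15.6"),
    ("old-mac", "macOS", "12.7.6"),
    ("frontdesk-watch", "watchOS", "11.6"),
]

def outdated(inventory):
    """List hosts whose reported version still needs the security update."""
    return [host for host, platform, version in inventory
            if needs_update(platform, version)]

if __name__ == "__main__":
    for host in outdated(INVENTORY):
        print(f"{host}: update required")
```

In practice the inventory rows would come from an MDM export rather than a hard-coded list.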
Given the increasing complexity of cyber threats aimed at widely used devices, the CERT-In advisory highlights the critical need for proactive digital security measures.