Millions of Apple devices at risk: CERT-In issues warning for critical security flaw

India’s cyber security watchdog CERT-In has issued a high-severity alert for users of Apple devices, warning of multiple security flaws that could leave billions of iPhones, iPads, Macs, Apple Watches, and other products vulnerable to attack. 

Affected devices

The vulnerabilities span across Apple’s key platforms: iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. Specifically, the following versions have been marked as vulnerable:

• iPhones running iOS versions before 18.6
• iPads with iPadOS versions before 17.7.9 and 18.6
• Macs on macOS versions earlier than Sequoia 15.6, Sonoma 14.7.7, or Ventura 13.7.7
• Apple Watch running watchOS versions before 11.6
• Apple TV and Vision Pro devices on tvOS or visionOS earlier than 18.6 and 2.6 respectively

CERT-In emphasises that users still running outdated versions are especially at risk, both in India and globally.

What’s the risk?

The advisory outlines several critical vulnerabilities that, if exploited, could allow attackers to gain unauthorised access, execute arbitrary code, steal or modify sensitive data, escalate privileges, or cause denial-of-service (DoS) conditions.

These issues stem from various technical flaws, including type confusion, integer overflows, buffer overflows, race conditions, logic errors, memory mismanagement, and incorrect privilege handling. Attackers can potentially exploit these by sending specially crafted files or requests to targeted devices.

CERT-In categorises the overall risk level as high, particularly for enterprise users relying on Apple devices for day-to-day operations. The advisory also warns of potential data breaches, operational disruption, and reputational damage in the event of a successful exploit.

What should users do?

Apple has already issued security patches addressing these vulnerabilities across its platforms. CERT-In strongly urges all users to install the latest software updates immediately. These updates can be accessed via device settings or through Apple’s official support website.

In addition to patching devices, users are encouraged to follow basic cyber hygiene measures:

• Avoid installing unverified apps
• Refrain from clicking on suspicious links
• Monitor for abnormal device behaviour
• Keep software regularly updated

Organisations should ensure that IT teams roll out patches across all Apple-based systems without delay.

With the growing complexity of cyber threats targeting widely used devices, the CERT-In advisory serves as a timely reminder of the importance of proactive digital security.