CERT-In Issues Warning Over Critical Security Vulnerabilities in Apple Devices
The Indian Computer Emergency Response Team (CERT-In) has issued a significant security alert for Apple users following the discovery of multiple vulnerabilities in several Apple devices, including iPads, Macs, and iPhones. The warning, which was issued this week, highlights potential risks within the operating systems that power a wide range of Apple products. If exploited, these vulnerabilities could lead to unauthorized access to sensitive information, allowing attackers to compromise systems and perform a variety of malicious actions.
Security Risks in Apple Products
In its advisory dated January 28, CERT-In detailed several high-risk vulnerabilities that affect a wide range of Apple products. The flaws could allow attackers to execute arbitrary code, bypass security measures, manipulate data, and even escalate privileges on affected devices. Specific risks include denial of service (DoS) conditions, bypassing authentication protocols, and executing spoofing attacks. These vulnerabilities could significantly impact the privacy and functionality of the devices.
Affected Versions and Devices
The advisory identifies a number of Apple products that are susceptible to these vulnerabilities. The list includes several versions of macOS, including macOS Sequoia (prior to 15.3), macOS Sonoma (prior to 14.7.3), and macOS Ventura (prior to 13.7.3). Additionally, iPadOS (prior to 17.7.4), iOS, tvOS, and visionOS (prior to 18.3) are all impacted by these flaws. Apple’s Safari browser and watchOS (prior to 11.3) are also affected. CERT-In rates these vulnerabilities as “high risk,” urging Apple users to take immediate action to safeguard their devices.
Root Causes and Exploited Vulnerabilities
The vulnerabilities have been traced back to several technical issues such as null pointer dereference, type confusion errors, and use-after-free errors. Other issues include problems related to file handling, input validation, and the handling of user-sensitive data. Of particular concern is CVE-2025-24085, a critical vulnerability that is actively being exploited in the wild. This flaw affects devices running older versions of iOS, iPadOS, and macOS, making it especially important for users of older devices to update their software.
CERT-In’s Recommendations
To mitigate these risks, CERT-In strongly advises all Apple users to update their devices to the latest software versions. This follows a recent release from Apple, which issued an update aimed at patching many of these vulnerabilities. Apple has taken steps to address these issues, but it’s crucial that users stay proactive by applying security updates promptly. This advisory serves as a reminder of the importance of keeping devices up to date to prevent potential breaches and data compromises.
