The Indian Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics and Information Technology, has issued a high-severity security advisory warning Apple device users in India of multiple critical vulnerabilities.
These flaws affect a wide range of Apple products including iPhones, iPads, Macs, Apple Watches, Apple TVs, and the recently introduced Vision Pro.
According to the advisory released on August 6, 2025, devices running outdated software versions are at significant risk. Specifically, devices are vulnerable if they run iOS earlier than 18.6; iPadOS earlier than 17.7.9 (on the 17.x line) or earlier than 18.6 (on the 18.x line); macOS Sequoia prior to 15.6, Sonoma before 14.7.7, or Ventura before 13.7.7; watchOS before 11.6; tvOS before 18.6; or visionOS prior to 2.6.
These vulnerabilities are considered highly exploitable and can be used by attackers to gain remote access, execute malicious code, bypass security restrictions, or crash the devices altogether.
The advisory attributes the flaws to buffer overflows, use-after-free bugs, type confusion, logic errors, and race conditions that attackers could leverage.
If exploited, these issues may allow malicious actors to gain unauthorized access, steal sensitive information, elevate privileges, or deny access to legitimate users by disabling device functionality.
CERT-In recommends that all users update their Apple devices immediately to the latest available software versions. Additionally, users are advised to enable automatic updates to receive future patches without delay.
Other precautionary steps include avoiding app downloads from unknown sources, refraining from clicking suspicious links, and monitoring devices for unusual behavior like overheating, crashing, or unexpected performance issues.
This warning is significant as it potentially impacts over two billion Apple devices globally. Users in India, especially those in critical sectors such as finance, healthcare, and public services, are urged to act swiftly to mitigate the risk.
The agency emphasizes that failure to apply the updates could leave devices exposed to severe security breaches and data loss.
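For administrators who need to apply the version thresholds listed above to a device inventory, the following added example (not part of the advisory or of any Apple or CERT-In tooling) checks each device against the fixed release for its own major branch, so that a patched iPadOS 17.7.9 is not flagged merely for being below 18.6. The inventory rows, hostnames and status labels are constructed for illustration, and treating a major release newer than any listed branch as patched is an assumption.

```python
# Added example: fleet check against the fixed versions named in the advisory.
# First fixed release per major branch, copied from the article text.
FIXED = {
    "iOS": ["18.6"],
    "iPadOS": ["17.7.9", "18.6"],
    "macOS": ["13.7.7", "14.7.7", "15.6"],
    "watchOS": ["11.6"],
    "tvOS": ["18.6"],
    "visionOS": ["2.6"],
}

def parse(version):
    """'18.6' -> (18, 6, 0); numeric tuples avoid the string trap '18.10' < '18.6'."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts + (0,) * (3 - len(parts))

def status(product, version):
    """Return 'patched', 'update' (fix exists on this branch), 'upgrade'
    (no fixed release listed for this branch) or 'unknown'."""
    try:
        have = parse(version)
        fixes = sorted(parse(f) for f in FIXED[product])
    except (KeyError, ValueError):
        return "unknown"
    for fix in fixes:
        if fix[0] == have[0]:  # compare only within the same major branch
            return "patched" if have >= fix else "update"
    # Assumption: a major release newer than any listed branch postdates the fixes.
    return "patched" if have[0] > fixes[-1][0] else "upgrade"

# Constructed inventory rows: (hostname, product, reported OS version).
INVENTORY = [
    ("ipad-ward-3", "iPadOS", "17.7.9"),
    ("ipad-ward-4", "iPadOS", "18.5"),
    ("mac-fin-01", "macOS", "14.7.6"),
    ("mac-lab-07", "macOS", "12.7.6"),
    ("iphone-ceo", "iOS", "18.10"),
    ("kiosk-tv", "tvOS", "beta"),
]

def audit(inventory):
    """Return every row that is not confirmed patched, with its status."""
    rows = [(h, p, v, status(p, v)) for h, p, v in inventory]
    return [r for r in rows if r[3] != "patched"]

if __name__ == "__main__":
    for host, product, version, state in audit(INVENTORY):
        print(f"{host:12} {product:8} {version:8} {state}")
```

Rows reported as `upgrade` are on a major branch for which the article lists no fixed release, so they need a move to a listed branch rather than a point update.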