Alert Apple users! CERT-In warns against critical risk: How to stay safe online

The Indian Computer Emergency Response Team (CERT-In) has raised an urgent alert about severe security vulnerabilities affecting a range of Apple products. These vulnerabilities have the potential to enable attackers to execute arbitrary code, circumvent security protocols, elevate their access rights, or trigger denial-of-service (DoS) situations on the impacted devices. This warning comes in the wake of vulnerability note CIVN-2025-0163, which indicates that multiple Apple operating systems, including iOS, iPadOS, macOS, watchOS, tvOS, and visionOS, are at risk. Devices operating on outdated versions of these systems are particularly vulnerable. Specifically, versions prior to iOS 18.6, iPadOS 17.7.9 and 18.6, macOS Sequoia before 15.6, macOS Sonoma before 14.7.7, macOS Ventura before 13.7.7, watchOS before 11.6, tvOS before 18.6, and visionOS before 2.6 are all affected. CERT-In has classified the risk level of these vulnerabilities as high. If successfully exploited, an attacker could gain unauthorized access to confidential information, manipulate system data, disrupt services, or even seize complete control of the compromised devices. The vulnerabilities stem from a variety of technical challenges, including type confusion, integer and buffer overflows, race conditions, logic flaws, improper input validation, and poor memory management. Attackers could potentially exploit these issues by sending specially crafted requests to the targeted systems. The implications of a breach are significant, especially for users and organizations that rely on Apple devices for essential functions. Possible consequences include data breaches, operational downtime, and substantial damage to reputation. In light of these threats, CERT-In has urged users to prioritize this issue and take swift action to secure their devices. In response to the vulnerabilities, Apple has released patches aimed at mitigating the identified security risks. Users are strongly encouraged to apply these updates immediately to safeguard their systems. The necessary security patches can be found through Apple’s official support channels, covering all the affected platforms. Users can access detailed update information on Apple’s website through links associated with iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. The updates are documented under support IDs such as 124148, 124149, 124150, 124151, 124155, 124147, 124153, and 124154. Additionally, CERT-In has recommended that users adhere to standard cybersecurity best practices. This includes avoiding unverified applications, refraining from clicking on dubious links, routinely monitoring devices for unusual activity, and ensuring that systems are consistently updated with the latest software patches. Organizations should also ensure that IT personnel are aware of the vulnerabilities and implement updates across all Apple devices without delay. This advisory serves as a crucial reminder of the evolving landscape of cyber threats targeting widely used consumer and enterprise technologies. Given the significant role Apple products play in both personal and professional settings, maintaining their security is imperative. For further guidance, users can visit the official CERT-In website or Apple’s support pages for technical documentation and patch details.