In a recent alert, the Indian Computer Emergency Response Team (CERT-In) has identified critical security vulnerabilities affecting a wide range of Apple devices, including iPhones and iPads. These flaws could allow attackers to access sensitive information, execute unauthorized code, or even render devices unusable. CERT-In has confirmed that some of these vulnerabilities are already being exploited in active cyberattacks.
Devices and Software Versions Affected
The vulnerabilities impact devices running outdated versions of Apple’s operating systems. Specifically, iPhones operating on iOS versions prior to 18.3 and iPads on iPadOS versions before 17.7.3 or 18.3 are at risk. Affected models include the iPhone XS and newer, iPad Pro (2nd generation and up), iPad 6th generation and later, iPad Air from the 3rd generation onward, and iPad mini 5th generation and above .
Nature of the Vulnerabilities
One significant flaw lies in the Darwin notification system, a core component of Apple’s internal messaging framework. This vulnerability allows applications to send sensitive system-level notifications without special permissions, potentially leading to device crashes and unresponsiveness.
Other identified issues include type confusion errors, use-after-free flaws, out-of-bounds reads/writes, improper input checks, buffer overflows, and path handling issues. These vulnerabilities could enable attackers to steal personal and financial data, bypass security mechanisms, and execute malicious code.
Recommended Actions for Users
To mitigate these risks, CERT-In strongly advises all Apple users to update their devices to the latest available versions of iOS or iPadOS. Users should also avoid downloading apps from untrusted sources and monitor their devices for any abnormal activity that could indicate a potential breach.
Apple has released security patches addressing these issues. Users can update their devices by navigating to Settings > General > Software Update on iPhones and iPads. Enabling automatic updates is also recommended to ensure timely installation of future patches.
Broader Implications
This warning comes at a time when Apple’s presence in India is growing. In the first quarter of 2025, Apple recorded a 23% year-on-year increase in shipments, the highest among the top five smartphone manufacturers in the country. As more users adopt Apple devices, staying informed about potential security risks becomes increasingly important.
Users are encouraged to remain vigilant, keep their devices updated, and follow best practices to protect their personal information and ensure device security.
