The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity alert regarding multiple security vulnerabilities found across a wide range of Apple products. The flaws, if exploited, could allow attackers to execute arbitrary code, bypass security mechanisms, escalate privileges, or cause denial-of-service (DoS) conditions on affected devices. This warning is part of the recently released vulnerability note CIVN-2025-0163.
CERT-In warns against the risk
According to CERT-In, the vulnerabilities impact several Apple operating systems, including iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. Devices running versions older than the latest available releases are particularly at risk. The affected versions include iOS prior to 18.6, iPadOS prior to 17.7.9 and 18.6, macOS Sequoia before 15.6, macOS Sonoma before 14.7.7, macOS Ventura before 13.7.7, watchOS before 11.6, tvOS before 18.6, and visionOS before 2.6.
CERT-In’s advisory highlights that the risks posed by these vulnerabilities are significant. If exploited successfully, an attacker could gain unauthorised access to sensitive information, manipulate system data, disrupt services, or take complete control of the affected devices. These flaws result from a variety of technical issues, such as type confusion, integer and buffer overflows, race conditions, logic errors, improper input validation, flawed memory management, and incorrect privilege handling. Attackers can potentially exploit these by sending specially crafted requests to the targeted system.
The cyber agency has assessed the overall risk as high, particularly for both individual users and organisations that depend on Apple devices for critical functions. The consequences of a successful attack could include data breaches, system downtime, and severe reputational harm. CERT-In has strongly advised users to treat this issue as a priority and take immediate steps to secure their devices.
How to stay protect your devices
In response, Apple has released patches addressing the identified vulnerabilities. Users are urged to promptly apply these updates to ensure their systems are protected. The relevant security patches are available through Apple’s official support channels and cover all impacted platforms. Users can find update details on Apple’s website via dedicated links to updates for iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. These include support documents with IDs such as 124148, 124149, 124150, 124151, 124155, 124147, 124153, and 124154.
CERT-In has also encouraged users to adopt standard cyber hygiene practices. These include avoiding unverified applications, not clicking on suspicious links, regularly monitoring devices for abnormal activity, and keeping systems up to date with the latest software patches. Organisations should also ensure their IT teams are aware of the issue and implement the updates across all Apple-based endpoints without delay.
This advisory comes as a reminder of the growing complexity of cyber threats targeting widely used consumer and enterprise technologies. With Apple products playing a key role in both personal and business environments, keeping them secure is critical. For further information, users can visit the official CERT-In website or Apple’s support pages to access technical documentation and patch details.
