The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity alert. This alert concerns multiple vulnerabilities affecting a wide range of Apple products. If these flaws are exploited, attackers can steal sensitive information. They execute arbitrary code and bypass security measures. Attackers gain elevated privileges or cause a denial-of-service (DoS) on targeted devices.
Affected Apple Software Versions
- iOS: Versions before 18.6
- iPadOS: Versions before 17.7.9 and 18.6
- macOS Sequoia: Versions before 15.6
- macOS Sonoma: Versions before 14.7.7
- macOS Ventura: Versions before 13.7.7
- watchOS: Versions before 11.6
- tvOS: Versions before 18.6
- visionOS: Versions before 2.6
Risk & Impact
CERT-In has classified the vulnerabilities as high risk, warning that they lead to:
- Unauthorized system access
- Data theft and manipulation
- Service disruption
- Potential reputational damage for organizations
Technical Overview
The vulnerabilities stem from multiple security issues. These include type confusion, use-after-free errors, buffer overflows, race conditions, insufficient input validation, and flawed memory handling. Attackers could exploit these weaknesses by sending specially crafted requests to vulnerable systems.
CERT-In’s Advisory: Immediate Action Required
CERT-In advises all users—individuals and organizations—to apply Apple’s latest security patches without delay. Apple has released updates across all affected platforms. Security fixes are detailed in Apple’s official advisories:
- Apple Security Update 124148
- Apple Security Update 124149
- Apple Security Update 124150
- Apple Security Update 124151
- Apple Security Update 124147
- Apple Security Update 124155
- Apple Security Update 124153
- Apple Security Update 124154
With dozens of CVEs linked to these vulnerabilities, including CVE-2025-24119 and CVE-2025-7425, security experts stress the urgency of applying updates. CERT-In warns that delaying patches would leave devices open to targeted cyberattacks
