Government Issues Advisory on Critical Security Flaws in Apple Devices

The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity security advisory (CIAD-2025-0006) warning users of serious vulnerabilities affecting Apple products, including iPhones, iPads, Macs, Apple TVs, Apple Watches, and Vision Pro headsets. These vulnerabilities could allow hackers to steal sensitive data, execute malicious code, bypass security protections, and gain elevated privileges on affected devices.
Key Security Risks
The flaws originate from null pointer dereference, type confusion, use-after-free errors, out-of-bounds read/write operations, improper file handling, and buffer overflow issues. Notably, CVE-2025-24085 has been actively exploited, allowing attackers to gain unauthorized control over older Apple software versions.
Affected Devices & Software
Users running outdated versions of macOS, iOS, iPadOS, tvOS, watchOS, visionOS, and Safari are at risk. The advisory lists specific vulnerable versions, including:
- macOS Sequoia (before 15.3), macOS Sonoma (before 14.7.3), macOS Ventura (before 13.7.3)
- iOS/iPadOS (before 17.7.4 and 18.3), watchOS (before 11.3), tvOS (before 18.3), visionOS (before 2.3), Safari (before 18.3)
Recommended Security Measures
CERT-In urges Apple users to:
- Update immediately: Install the latest software updates to patch vulnerabilities.
- Avoid untrusted sources: Do not download apps or files from unknown websites.
- Enable automatic updates: Keep security patches up to date.
- Monitor devices for unusual activity: Watch for signs of compromise.
Source: Moneycontrol