Apple users at risk: CERT-In flags major iOS and macOS vulnerabilities, here’s how to stay safe

India’s Computer Emergency Response Team has released a high-severity security advisory for a wide set of Apple devices. The agency has warned that multiple flaws across Apple’s operating systems and key apps could leave users exposed to data theft, privilege escalation, and complete device compromise if left unpatched.

Wide range of Apple products affected

According to CERT-In, the vulnerabilities impact iPhones and iPads running versions earlier than iOS and iPadOS 26.1, several macOS releases including Sequoia before 15.1, Ventura before 13.7.1, and Monterey before 12.7.2, as well as older versions of watchOS, tvOS, visionOS, Safari, and Xcode.

Reportedly, the issues stem from weaknesses in critical components such as the Kernel, WebKit, CoreAnimation, and Siri. These flaws are linked to a long list of CVE identifiers, indicating that attackers could exploit them to execute arbitrary code, elevate privileges, access sensitive data, bypass built-in safeguards, or trigger denial-of-service conditions.

Serious risks for users and organisations

In its advisory, the agency notes that the flaws pose a high risk of unauthorised access to confidential information, service interruption, and full system takeover. CERT-In points to potential outcomes including data theft, malware spread, and system crashes across affected devices.

The threat applies to both individual users and organisations relying on Apple hardware for daily operations. Devices running outdated versions of iOS, iPadOS, macOS, watchOS, tvOS, visionOS, Safari, and Xcode are listed as vulnerable.

Update immediately, says CERT-In

To reduce exposure, CERT-In has urged all users to install the latest updates released by Apple, including iOS and iPadOS 26.1 and corresponding patches across other platforms. These updates address the reported vulnerabilities and introduce essential security fixes.

The agency also recommends enabling automatic updates, installing apps only from trusted sources, and avoiding suspicious links to minimise the likelihood of targeted attacks.

CERT-In’s full advisory warns that the vulnerabilities could lead to memory corruption, spoofing, data manipulation, and several other severe security outcomes if left unresolved. Users have been advised to act promptly to secure their devices.