 "Cert-In flags multiple vulnerabilities in Apple's iPhone, iPad OS")
The Indian Computer Emergency Response Team (Cert-In) has flagged multiple vulnerabilities in Apple’s iPhone, Mac, and iPad, which it said could allow an attacker to “execute arbitrary code, gain elevated privileges, disclose sensitive information, bypass security restrictions, or cause denial of service on the targeted system”.
These vulnerabilities, Cert-In said, could leave Apple users at risk of unauthorised access to sensitive data on their devices, cause service disruptions, and compromise the entire device.
Apart from these, the vulnerabilities flagged could also lead to data manipulation, spoofing, and corruption of the memory of targeted devices, Cert-In warned.
Apple iPhone’s iOS and iPad OS versions before 26.2 and 18.7.3, some versions of Mac OS Tahoe, Sequoia and Sonoma, Apple TV OS, Apple Watch, Vision, and some versions of Safari could be impacted by these vulnerabilities, Cert-In said.
Apple did not respond to e-mails seeking clarification on the vulnerabilities flagged by Cert-In.
Cert-In, the nodal body for all matters related to cybersecurity and digital protection, functions under the Ministry of Electronics and Information Technology (Meity).
Overall, in 2025, Cert-In issued multiple advisories in January, February, August, September, and November, cautioning users about vulnerabilities in Apple’s iPhone OS, iPad OS, Mac OS, Apple TV, and Watch OS, as well as other devices the company makes.
Earlier this year in April, and then in December, Apple sent out a fresh round of notices to its users worldwide, including some in India, warning them that they could have been targeted by mercenary spyware attacks that sought to gain remote access to their devices.
In notices sent to users in April, Apple said the threat notification messages it sends to individuals it believes have been targeted by the mercenary spyware “are designed to inform and assist users".
“Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices. Mercenary spyware attacks cost millions and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks,” Apple had then said.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%