Cert-In flags multiple vulnerabilities in Apple's iPhone, iPad OS

These vulnerabilities, Cert-In said, could leave Apple users at risk of unauthorised access to sensitive data on their devices, cause service disruptions, and compromise the entire device

Apple brings several improvements to the base iPhone 17, making it one of the most balanced smartphones of 2025 — Cert-In warns of multiple security flaws in Apple devices that could allow hacking, data theft and service disruption, urging users to update software promptly. (Photo: Harsh Shivam)

2 min read Last Updated : Dec 19 2025 | 8:00 PM IST

The Indian Computer Emergency Response Team (Cert-In) has flagged multiple vulnerabilities in Apple’s iPhone, Mac, and iPad, which it said could allow an attacker to “execute arbitrary code, gain elevated privileges, disclose sensitive information, bypass security restrictions, or cause denial of service on the targeted system”.

These vulnerabilities, Cert-In said, could leave Apple users at risk of unauthorised access to sensitive data on their devices, cause service disruptions, and compromise the entire device.

Apart from these, the vulnerabilities flagged could also lead to data manipulation, spoofing, and corruption of the memory of targeted devices, Cert-In warned.

Apple iPhone’s iOS and iPad OS versions before 26.2 and 18.7.3, some versions of Mac OS Tahoe, Sequoia and Sonoma, Apple TV OS, Apple Watch, Vision, and some versions of Safari could be impacted by these vulnerabilities, Cert-In said.

Apple did not respond to e-mails seeking clarification on the vulnerabilities flagged by Cert-In.

Cert-In, the nodal body for all matters related to cybersecurity and digital protection, functions under the Ministry of Electronics and Information Technology (Meity).

Overall, in 2025, Cert-In issued multiple advisories in January, February, August, September, and November, cautioning users about vulnerabilities in Apple’s iPhone OS, iPad OS, Mac OS, Apple TV, and Watch OS, as well as other devices the company makes.

Earlier this year in April, and then in December, Apple sent out a fresh round of notices to its users worldwide, including some in India, warning them that they could have been targeted by mercenary spyware attacks that sought to gain remote access to their devices.

In notices sent to users in April, Apple said the threat notification messages it sends to individuals it believes have been targeted by the mercenary spyware “are designed to inform and assist users".

“Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices. Mercenary spyware attacks cost millions and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks,” Apple had then said.