Cert-In warns of multiple vulnerabilities in Apple's products and services

Advisory flags high-severity flaws that could enable remote code execution, system access, and denial-of-service attacks across Apple devices and other platforms

The Indian Computer Emergency Response Team (Cert-In) has issued a high-severity advisory warning users of multiple vulnerabilities in Apple’s products that allow attackers to execute code remotely and gain system access.

 

Cert-In, the nodal body for all matters related to cybersecurity and digital protection, functions under the Ministry of Electronics and Information Technology.

 

In its advisory, Cert-In said these vulnerabilities could allow attackers to bypass security restrictions or cause denial-of-service attacks on the targeted system. Apple’s iOS and iPadOS versions prior to 26.4 are likely to have been affected by these vulnerabilities, Cert-In said.

 

Apart from vulnerabilities in Apple’s products and services, Cert-In has also issued high-severity warning notes for multiple issues in Google Chrome’s desktop version and Mozilla products.

 

Over the last year, Cert-In has flagged several vulnerabilities in Apple’s products and services. In December 2025, Cert-In said that multiple vulnerabilities in Apple’s iPhone, Mac, and iPad could allow an attacker to “execute arbitrary code, gain elevated privileges, disclose sensitive information, bypass security restrictions, or cause denial of service on the targeted system”.

 

These vulnerabilities, Cert-In said, could leave Apple users at risk of unauthorised access to sensitive data on their devices, cause service disruptions, and compromise the entire device.

 

Apart from these, the vulnerabilities flagged could also lead to data manipulation, spoofing, and corruption of the memory of targeted devices, Cert-In had then warned.

 

In April and December 2025, Apple sent out a fresh round of notices to its users worldwide, including some in India, warning them that they may have been targeted by mercenary spyware attacks seeking to gain remote access to their devices.

 

In notices sent to users in April, Apple said the threat notification messages it sends to individuals it believes have been targeted by the mercenary spyware “are designed to inform and assist users”.

 

“Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices. Mercenary spyware attacks cost millions and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks,” Apple had then said.