CERT-In Issues High-Severity Warning For Apple Devices: Users Urged To Update iPhones, Macs, And Watches Immediately

The Indian Computer Emergency Response Team (CERT-In) has issued an alert pointing out the threats in several areas related to Apple products: iPhones, iPads, Macs, Apple Watches, Apple TVs and KeyHunter Pro headsets along with software services like Safari and Xcode. The agency has urged users to update their devices to the newest available software as soon as possible, with the vulnerabilities potentially enabling attackers to run arbitrary code, gain higher-level privileges, collect sensitive information or interrupt services.

Which Apple Devices Are Affected

As per CERT-In, the bugs affect multiple Apple gadgets that are operating on previous versions (earlier the latest update/patch) of software including iOS 26.1 and "corresponding OS updates".

ALSO READ: Firefox Is Getting An AI Window: Chat With AI Without Leaving Your Browser

The affected devices and software include:

iPhones and iPads: iOS/iPadOS versions before 26.1

Mac computers: macOS Sequoia before 15.1, Ventura before 13.7.1, and Monterey before 12.7.2

Apple Watch: watchOS before 11.1

Apple TV: tvOS before 18.1

Apple Vision Pro: visionOS before 2.1

Safari Browser: versions before 17.6.1

Xcode: versions before 15.4

The vulnerabilities range across a number of core parts of the system such as Kernel, WebKit, CoreAnimation and even Siri calls out multiple CVEs.

What the Vulnerabilities Could Allow

According to CERT-In, these vulnerabilities carry high risk of data theft, remote code execution and full system compromise. These may be abused by attackers to achieve:

- The remote execution of any arbitrary code or command

- Escalate and find me an admin access

- Reveal or steal sensitive personal and financial information

- Bypass key system security restrictions

- Create denial of service (DoS) states that can cause the system to crash

The pair of vulnerabilities are noteworthy in part because they affect fundamental layers of the Apple operating system and its web rendering engine, known as WebKit, that powers Safari and other applications.

CERT-In’s Official Assessment

Risk Level: High

Target Audience: Individual and organisational Apple users

Impact Assessment:

- Risk of unauthorised access to sensitive data

- Potential for malware propagation

- Possibility of device crash or complete system compromise

Several CVEs associated with these vulnerabilities include memory corruption, spoofing and elevation of privilege threats that could allow attackers remote control of affected devices, according to the advisory.

Recommended Actions for Apple Users

CERT-In has advised all users to upgrade their devices with the latest Apple software versions and install security updates for known vulnerabilities.

Here’s what you should do right now:

1. Install Latest Updates:
iPhone/iPad: Update to iOS/iPadOS 26.1

Mac: Update to macOS Sequoia 15.1, Ventura 13.7.1, or Monterey 12.7.2

Apple Watch: Update to watchOS 11.1

Apple TV: Update to tvOS 18.1

Apple Vision Pro: Update to visionOS 2.1

Safari: Update to version 17.6.1

Xcode: Update to version 15.4

2. Enable Automatic Updates

Turn on auto-updates under Settings → General → Software Update to ensure your device stays protected against future threats.

3. Download Only from Trusted Sources

Use the App Store exclusively for apps and avoid sideloading or third-party downloads.

4. Avoid Clicking Unknown Links or Attachments

Be cautious of unsolicited messages or emails that contain suspicious URLs.

4. Keep Security Features Enabled

Ensure two-factor authentication (2FA) and Find My are active for added protection.

5. Use Strong, Unique Passwords

Use Apple’s built-in password manager or a trusted third-party tool to secure your accounts.

ALSO READ: Apple Sharpens Focus On Leadership Transition For Tim Cook, FT Reports

Apple’s Latest Security Fixes

The most recent releases from Apple are of several CVE issues, some of them found in WebKit, CoreAnimation and Kernel. The fixes cover security holes that attackers could exploit to remotely execute code merely by visiting a malicious website or opening a compromised file.

Some notable CVEs include:

- CVE-2025-43442, CVE-2025-43447, CVE-2025-43462, CVE-2025-43455 — Kernel and WebKit-related code execution flaws

- CVE-2025-43379, CVE-2025-43407, CVE-2025-43423 — Memory corruption vulnerabilities allowing privilege escalation

- CVE-2025-43436, CVE-2025-43448, CVE-2025-43454 — Security restriction bypass issues

Apple’s own release notes acknowledge that these updates address critical vulnerabilities to try to protect against high-impact exploits, which they say may have been exploited.

Final Thoughts

The CERT-In high severity alert comes in the backdrop of increased cyberthreats targeting personal devices as well as attacks on software supply chain. As many users depend on these devices, delays in applying the updates may lead to serious risks, such as data theft or system compromise.

The best and easiest defense is to update all your Apple devices immediately, and practice good cybersecurity hygiene — including setting up automatic updates, being cautious of links from unknown senders and only downloading software or applications from trusted sources.

In CERT-In’s words, the cost of ignoring this update could be “unauthorised access to sensitive data, malware propagation, and complete system compromise.”