iPhone Securiy Issue: The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity advisory (CIAD-2025-0006) warning users of multiple vulnerabilities in various Apple products. The advisory alerts users to critical security flaws that could allow malicious actors to gain unauthorised access, execute arbitrary code, bypass security protocols, cause denial-of-service (DoS) conditions, and even acquire elevated privileges on affected devices.
Which Apple Products Are Affected?
The vulnerabilities impact popular Apple platforms, including macOS, iOS, iPadOS, tvOS, visionOS, and Safari. Devices at risk include iPhones, iPads, Macs, Apple Watches, Apple TVs, and the Vision Pro headset. CERT-In provided a list of affected software versions:
- macOS Sequoia: Versions earlier than 15.3
- macOS Sonoma: Versions below 14.7.3
- macOS Ventura: Versions before 13.7.3
- iOS and iPadOS: Versions prior to 17.7.4 and 18.3
- tvOS: Older than 18.3
- visionOS: Before version 2.3
- Safari: Versions lower than 18.3
- watchOS: Prior to 11.3
Technical Risks
According to the advisory, these vulnerabilities are linked to issues such as buffer overflows, type confusion, improper input validation, null pointer dereference, and out-of-bounds read/write errors.
One particularly severe flaw, identified as CVE-2025-24085, has already been exploited in the wild. This use-after-free vulnerability in the Core Media component allows a malicious application to gain elevated privileges on devices with outdated software.
Recommended Actions
To safeguard their devices, Apple users are urged to take immediate preventive measures:
- Update Software: Install the latest security patches for all Apple devices, including updates for macOS, iOS, iPadOS, tvOS, visionOS, Safari, and watchOS.
- Stay Alert: Avoid downloading or installing applications from unknown or untrusted sources that may exploit these vulnerabilities.
- Enable Automatic Updates: Ensure that devices are set to receive security updates automatically to avoid delays in future patches.
- Monitor Device Activity: Watch out for unusual behaviour, such as unexpected app crashes, slow performance, or unauthorised access.
Why This Matters
Security experts emphasise that updating devices is crucial, given the active exploitation of certain vulnerabilities. Failure to update could expose users to serious security risks, including data breaches and unauthorised control of their devices.
This advisory comes as part of ongoing efforts by CERT-In to protect consumers and enterprises against cybersecurity threats. Apple users are strongly advised to prioritise updates and follow best practices to secure their personal information and digital assets.
