The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity advisory (CIAD-2025-0006) warning users of multiple vulnerabilities in Apple products. These vulnerabilities could allow attackers to access sensitive information, execute arbitrary code, bypass security restrictions, cause denial-of-service (DoS) conditions, and even gain elevated privileges on affected devices. Users of macOS, iOS, iPadOS, and other Apple platforms are urged to update their systems immediately to mitigate these risks.
Advisory details
The vulnerabilities stem from flaws such as null pointer dereference, type confusion, use-after-free errors, out-of-bounds read/write, improper file handling, input validation issues, and buffer overflows. One critical vulnerability, CVE-2025-24085, has already been exploited in the wild. This use-after-free bug in the Core Media component allows malicious applications to gain elevated privileges on devices running older versions of iOS, iPadOS, and macOS.
Software and devices affected
The following Apple software versions are vulnerable:
- macOS Sequoia: Versions prior to 15.3
- macOS Sonoma: Versions prior to 14.7.3
- macOS Ventura: Versions prior to 13.7.3
- iOS/iPadOS: Versions prior to 17.7.4 and 18.3
- tvOS: Versions prior to 18.3
- visionOS: Versions prior to 2.3
- Safari: Versions prior to 18.3
- watchOS: Versions prior to 11.3
These vulnerabilities impact a wide range of Apple devices, including iPhones, iPads, Macs, Apple TVs, Apple Watches, and Vision Pro headsets.
What you can do
To protect your devices, CERT-In recommends the following steps:
1. Update immediately: Install the latest security updates for your Apple devices. Ensure your macOS, iOS, iPadOS, tvOS, visionOS, Safari, and watchOS are updated to the patched versions mentioned above.
2. Avoid untrusted sources: Do not download or install apps from unverified sources, as they may exploit these vulnerabilities.
3. Monitor for suspicious activity: Be vigilant for unusual behaviour on your devices, which could indicate a compromise.
4. Enable automatic updates: Turn on automatic updates to ensure your devices receive the latest security patches promptly.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
