Critical Apple Security Flaw Exposes iPhones, Macs: CERT-In Urges Immediate Update

India’s cybersecurity agency CERT-In has issued an urgent security advisory warning millions of Apple users about critical vulnerabilities affecting iPhones, Macs, and Apple Watches. The August 2025 alert highlights multiple Apple security flaws that could allow attackers to take complete control of devices, access sensitive data, and bypass critical security protections.

What the CERT-In Advisory Reveals
According to the CERT-In vulnerability note (CIVN-2025-0361), these vulnerabilities exist across Apple’s ecosystem:

• iOS and iPadOS devices vulnerable to arbitrary code execution
• macOS gatekeeper security bypass flaws
• watchOS privilege escalation risks
• WebKit browser engine vulnerabilities enabling malicious web content

“Successful exploitation could allow an attacker to execute arbitrary code, gain elevated privileges, or cause denial-of-service conditions,” states the advisory. Security researchers at Kaspersky Lab confirm these flaws are being actively exploited in targeted attacks, particularly against journalists and government officials.

Affected Devices and Required Updates
The security alert impacts nearly all recent Apple products:

• iPhone & iPad: Models running iOS/iPadOS versions prior to 18.6
• Macs: All devices requiring macOS 14.6 or later security updates
• Apple Watch: Series 4 and newer needing watchOS 10.6 update

Apple’s security notes detail how these vulnerabilities allow bypassing memory protections and signature validation. “These aren’t theoretical risks,” warns cybersecurity expert Priya Nair. “We’ve already seen exploit attempts targeting Indian financial institutions this week.”

How to Protect Your Devices

1. Update Immediately: Navigate to Settings > General > Software Update
2. Verify Installation: Ensure these versions are installed:
   • iOS 18.6 (Build 22G80)
   • macOS 14.6 (Build 23G5072)
   • watchOS 10.6 (21U557)
3. Enable Automatic Updates: Turn on “Install Security Responses”
4. Monitor Accounts: Check for suspicious activity at appleid.apple.com

The National Cyber Security Coordinator’s office recommends additional precautions: “Enable Lockdown Mode for high-risk users and implement two-factor authentication across all Apple services.” Users should remain vigilant against phishing attempts disguised as Apple security notifications.

Must Know
Q: What happens if I don’t update my Apple device?
A: Unpatched devices remain vulnerable to data theft, remote control by attackers, and malware installation. Financial and personal information could be compromised without your knowledge.

Q: How serious is this Apple security flaw?
A: CERT-In rates it “Critical” – their highest severity level. The flaws allow complete device compromise without user interaction in some cases.

Q: Are older Apple devices like iPhone 11 affected?
A: Yes. The advisory impacts devices as old as iPhone XS and 2018 MacBook Air models. Only devices incompatible with recent OS updates are excluded.

Q: Can Android or Windows users ignore this warning?
A: While this targets Apple ecosystems, cybersecurity experts recommend all users maintain updated software. Separate advisories exist for other platforms.

The window for protection is closing rapidly. With active exploits already circulating, delaying updates invites catastrophic security breaches. As CERT-In emphasizes: “Users are advised to apply updates immediately.” Don’t gamble with your digital safety – verify your device’s security status now.