Apple devices exposed to 'Very High' risk, warns government. How to protect your devices

CERT-In has issued a high-severity alert for Apple users regarding a critical vulnerability in iOS and iPadOS. Affected devices include iPhones from XS onward and various iPads running outdated software. Users are urged to update their systems to mitigate risks from potential malicious apps.

Written By Govind Choudhary
Updated 13 May 2025, 03:04 PM IST

The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, has issued a high-severity alert for Apple device users, highlighting a critical vulnerability in certain versions of iOS and iPadOS. The warning, released on 12 May, describes the flaw as posing a “very high” security risk to users of iPhones and iPads running outdated software versions.

Who is affected

According to CERT-In, the vulnerability affects iPhones from the iPhone XS onwards that are operating on versions earlier than iOS 18.3. Affected iPad models include the iPad Pro 12.9-inch (2nd generation), iPad Pro 10.5-inch, and iPad 6th generation running iPadOS versions prior to 17.7.3. In addition, newer models such as the iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and newer), iPad 7th generation and later, and iPad mini (5th generation and newer) are also vulnerable if they are running on versions of iPadOS prior to 18.3.
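
One way to apply these version thresholds to a device inventory, as an added example that is not part of the original article or CERT-In's advisory. The model-name strings, record fields and sample devices are constructed assumptions, and the inventory is assumed to contain only models the alert lists.

```python
# Added example: flag inventory devices below the fixed versions in the alert.
# Model-name strings and device records are constructed assumptions.

# iPads the alert lists against the iPadOS 17.7.3 threshold.
LEGACY_IPADS = {
    "iPad Pro 12.9-inch (2nd generation)",
    "iPad Pro 10.5-inch",
    "iPad (6th generation)",
}
FIXED_LEGACY = (17, 7, 3)   # iPadOS 17.7.3
FIXED_CURRENT = (18, 3, 0)  # iOS / iPadOS 18.3


def parse_version(text):
    """Turn '18.3' into (18, 3, 0); numeric parts so 18.10 sorts after 18.3."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def is_vulnerable(model, os_version):
    """True when the OS is older than the fixed version for that model."""
    fixed = FIXED_LEGACY if model in LEGACY_IPADS else FIXED_CURRENT
    return parse_version(os_version) < fixed


def audit(inventory):
    """Return (needs_update, unparseable) lists of device names."""
    needs_update, unparseable = [], []
    for dev in inventory:
        try:
            if is_vulnerable(dev["model"], dev["os"]):
                needs_update.append(dev["name"])
        except ValueError:
            # Unknown version format: review by hand, do not assume patched.
            unparseable.append(dev["name"])
    return needs_update, unparseable


SAMPLE = [  # constructed records, e.g. rows from an MDM export
    {"name": "phone-01", "model": "iPhone XS", "os": "18.2.1"},
    {"name": "phone-02", "model": "iPhone 15", "os": "18.3.1"},
    {"name": "phone-03", "model": "iPhone 14", "os": "18.3 beta"},
    {"name": "tablet-01", "model": "iPad Pro 10.5-inch", "os": "17.7.3"},
    {"name": "tablet-02", "model": "iPad Air (3rd generation)", "os": "17.7.3"},
    {"name": "tablet-03", "model": "iPad (6th generation)", "os": "17.7.2"},
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The same 17.7.3 build counts as patched on the older iPads and as outdated on the newer ones, which is why the threshold is chosen per model rather than applied globally.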

The security flaw, if exploited, could allow malicious applications to disrupt the normal functioning of the affected devices. CERT-In explained that these apps could potentially cause the device to become unresponsive or unusable until it is restored. This poses a significant threat to user data and device functionality, especially if the user is unaware of the source of the disruption.


The root of the problem lies in how Apple's operating system handles Darwin notifications—a key communication mechanism within the CoreOS layer that allows different processes to exchange system-wide updates. CERT-In noted that the vulnerability stems from the fact that any iOS application can send these sensitive system-level Darwin notifications without needing elevated privileges or special entitlements. This loophole effectively opens the door for malicious apps to interfere with critical system functions.

How to mitigate the risk

To mitigate the risk, CERT-In has urged all Apple users to install the latest security patches issued by Apple. Keeping the device’s operating system up to date is currently the most effective protection against this vulnerability. Apple has already addressed the issue in its recent software updates, and users are encouraged to review the company’s official advisory for detailed guidance.

In addition to updating their devices, users are advised to exercise caution while downloading apps, especially from unofficial sources. Limiting app permissions and staying informed about potential threats can also help reduce the risk of exploitation. For further information, users can consult Apple’s support channels or visit the official CERT-In website.

