These vulnerabilities, Cert-In said, could leave Apple users at risk of unauthorised access to sensitive data on their devices, cause service disruptions, and compromise the entire device.
The Indian Computer Emergency Response Team (Cert-In) has issued a high-severity advisory warning users of multiple vulnerabilities in Apple's products that allow attackers to execute code remotely and gain system access.
Key Points
- Cert-In warns of high-severity vulnerabilities in Apple devices enabling remote code execution and unauthorised system access.
- iOS and iPadOS versions prior to 26.4 flagged as potentially exposed to multiple security risks.
- Additional vulnerabilities identified in Google Chrome desktop version and Mozilla products affecting wider user base.
- Risks include data theft, denial-of-service attacks, spoofing, and memory corruption on affected devices.
- Apple earlier warned users globally about sophisticated mercenary spyware attacks targeting select individuals.
Cert-In high severity advisory
Cert-In, the nodal body for all matters related to cybersecurity and digital protection, functions under the ministry of electronics and information technology.
In its advisory, Cert-In said these vulnerabilities could allow attackers to bypass security restrictions or cause denial-of-service attacks on the targeted system.
Apple vulnerabilities security warning
Apple's iOS and iPadOS versions prior to 26.4 are likely to have been affected by these vulnerabilities, Cert-In said.
Apart from vulnerabilities in Apple's products and services, Cert-In has also issued high-severity warning notes for multiple issues in Google Chrome's desktop version and Mozilla products.
Remote code execution risk
In December 2025, Cert-In said that multiple vulnerabilities in Apple's iPhone, Mac, and iPad could allow an attacker to 'execute arbitrary code, gain elevated privileges, disclose sensitive information, bypass security restrictions, or cause denial of service on the targeted system'.
Spyware attack warnings Apple
These vulnerabilities, Cert-In said, could leave Apple users at risk of unauthorised access to sensitive data on their devices, cause service disruptions, and compromise the entire device.
Apart from these, the vulnerabilities flagged could also lead to data manipulation, spoofing, and corruption of the memory of targeted devices, Cert-In had then warned.
Chrome Mozilla vulnerabilities alert
In April and December 2025, Apple sent out a fresh round of notices to its users worldwide, including some in India, warning them that they may have been targeted by mercenary spyware attacks seeking to gain remote access to their devices.
In notices sent to users in April, Apple said the threat notification messages it sends to individuals it believes have been targeted by the mercenary spyware 'are designed to inform and assist users'.
"Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices.
'Mercenary spyware attacks cost millions and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks,' Apple had then said.
Feature Presentation: Ashish Narsale/Rediff
© 2026