iPhone and iPad users at risk: Indian government issues ‘high-severity warning’. Check affected phone models and what to do

The Indian Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics and Information Technology, has issued a “high severity” security advisory for Apple iPhone and iPad users. The alert highlights a serious vulnerability in older iOS and iPadOS versions that, if exploited, could allow malicious apps to severely disrupt device functionality. Apple has acknowledged the issue and released security updates to address it.

CERT-In explained that the vulnerability stems from how Apple’s operating system manages Darwin notifications, a low-level communication mechanism embedded in the CoreOS layer. These notifications help different parts of the operating system and apps communicate with each other. However, the flaw allows any app to send these system-level notifications without special permissions or entitlements, posing a major security risk.

Devices Affected by the Flaw

The security vulnerability affects a wide range of Apple devices. iPhones running iOS versions earlier than 18.3, including models from iPhone XS and newer, are at risk. Several iPad models are also vulnerable if they operate on outdated versions of iPadOS. These include:

• iPad Pro 12.9-inch (2nd generation)
• iPad Pro 10.5-inch
• iPad 6th generation
• iPad Pro 13-inch and 12.9-inch (3rd generation and later)
• iPad Pro 11-inch (1st generation and later)
• iPad Air (3rd generation and later)
• iPad (7th generation and later)
• iPad mini (5th generation and later)

CERT-In has warned that if the flaw is exploited, malicious applications could send unauthorized Darwin notifications, potentially causing devices to become unresponsive or entirely unusable until they are restored.

Potential Risks to Users

The primary concern is that apps taking advantage of the flaw can crash the device or render it non-functional. In more severe cases, attackers might bypass built-in security layers, jeopardize user data, or even gain access to sensitive personal or financial information. The government bulletin stressed that affected users may experience complete device lock-up, requiring a reset to restore normal functionality.

CERT-In emphasized: “A vulnerability in Apple’s iOS and iPadOS may allow certain malicious applications to cause affected devices to become unresponsive or nonfunctional until restored.”

Steps for Users to Stay Protected

To mitigate the threat, users are strongly advised to update their devices immediately. Apple has already rolled out security patches that close the loophole. To install the update:

• Open Settings
• Navigate to General > Software Update
• Download and install the latest version of iOS or iPadOS

In addition to applying the updates, users are encouraged to remain cautious and avoid downloading apps from unreliable sources. Unusual behavior such as excessive battery drain, device overheating, or frequent app crashes could be signs that a device is under attack.

CERT-In urged all users to take swift action: “Apply the necessary updates provided in Apple’s security advisory.”