Apple iPhone and MacBook Users Are More Vulnerable to Hacking, Reports CERT-In
![Apple iPhones and MacBooks Product Consumers are more vulnerable to hacking](https://www.news4hackers.com/wp-content/uploads/2025/02/Mohit-Yadav-1.jpg)
Users of Apple iPhones and MacBooks are alerted to serious security flaws in their devices by India’s cybersecurity agency, CERT-In, and are urged to take quick security precautions to guard against hacker attacks.
- A warning regarding many vulnerabilities in a number of Apple products has been released by CERT-In.
- Hackers may be able to steal users’ private information thanks to the vulnerabilities.
- Users should install the security upgrades as soon as possible, according to CERT-In.
Users of Apple products have received a serious warning from CERT-In, the cybersecurity arm of the Indian government. The federal agency has identified several flaws in a number of Apple products in its most recent alert, Vulnerability Note CIAD-2024-0007, which, if exploited by hackers, could give them total control of the device and enable them to steal users’ private information.
According to CERT-In’s warning statement, the most recent vulnerabilities are severe, especially for users of MacBooks and iPhones. Attackers may be able to access private data, run arbitrary code, get around security measures, and escalate their privileges on the targeted system if these flaws are exploited. Additionally, CERT-In exhorts owners of Apple devices to safeguard their devices right away and shield vital information from unauthorized access.
List of Apple devices at risk
Numerous Apple products running on various operating systems are included in the list of impacted devices:
- Apple macOS Sequoia versions prior to 15.3
- Apple macOS Sonoma versions prior to 14.7.3
- Apple macOS Ventura versions prior to 13.7.3
- Apple iPadOS versions prior to 17.7.4
- Apple iOS versions prior to 18.3
- Apple iPadOS versions prior to iOS 18.3
- iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
- iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
- Apple tvOS versions prior to 18.3
- Apple TV HD and Apple TV 4K (all models)
- Apple visionOS versions prior to 2.3
- Apple Safari versions prior to 18.3
- Apple watchOS versions prior to 11.3
- Apple Watch Series 4 and later
- macOS Monterey and macOS Ventura
CERT-In advises customers to install the security upgrades listed in the Apple Security Update right away in order to protect susceptible Apple devices from any security risks. The purpose of these updates is to fix the vulnerabilities that have been found and improve your device’s overall security.
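One way to check a device inventory against the cut-off versions in the list above, as an added example that is not part of the original article or of CERT-In's note. The inventory rows and host names are constructed, and treating each macOS and iPadOS cut-off as belonging to its own release branch is an assumption about how to read the list.

```python
import re

# First fixed version per product, copied from the affected-products list above.
FIXED = {
    "macOS": ["13.7.3", "14.7.3", "15.3"],
    "iPadOS": ["17.7.4", "18.3"],
    "iOS": ["18.3"],
    "tvOS": ["18.3"],
    "visionOS": ["2.3"],
    "watchOS": ["11.3"],
    "Safari": ["18.3"],
}

def parse(version):
    """'14.7' -> (14, 7, 0); padding makes '15.3' compare equal to '15.3.0'."""
    if not re.fullmatch(r"\d+(\.\d+){0,2}", version):
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def assess(product, version):
    """Return (status, fixed version to install or None)."""
    if product not in FIXED:
        return ("unknown-product", None)
    have, fixes = parse(version), FIXED[product]
    if len(fixes) == 1:
        fix = fixes[0]  # single cut-off in the list: anything older is affected
    else:
        # Assumption: one cut-off per release branch, so compare within the branch.
        same = [f for f in fixes if parse(f)[0] == have[0]]
        if not same:
            return ("patched" if have > max(map(parse, fixes)) else "unlisted-branch", None)
        fix = same[0]
    return ("patched", None) if have >= parse(fix) else ("update", fix)

# Constructed sample inventory: (hostname, product, reported version).
INVENTORY = [
    ("mbp-01", "macOS", "14.7.2"),
    ("mac-09", "macOS", "12.7.6"),
    ("ipad-07", "iPadOS", "17.7.4"),
    ("iph-11", "iOS", "17.6.1"),
]

def audit(inventory):
    return {host: assess(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(host, *result)
```

To also cover the out-of-band CVE-2025-24200 fix reported in this article, raise the iOS and iPadOS 18 entries to 18.3.1 and the iPadOS 17 entry to 17.7.5.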
Apple Released Updates To Patch Zero-Day Vulnerability
Apple has released an emergency update to patch CVE-2025-24200, an actively exploited iOS zero-day. To fix a security vulnerability in iOS and iPadOS that it said has been exploited in the wild, Apple distributed out-of-band security patches on Monday.
The vulnerability, which has been given the CVE identifier CVE-2025-24200, has been defined as an authorization problem that could allow a malevolent actor to disable USB Restricted Mode on a locked device as part of a cyber-physical attack.
This implies that in order to take advantage of the vulnerability, the attackers need to have physical access to the device. USB Restricted Mode, which was first introduced in iOS 11.4.1, stops an Apple iOS or iPadOS device from interacting with an accessory if it hasn’t been unlocked and connected to one in the previous hour.
The feature is said to be an effort to stop law enforcement agencies’ primary digital forensics tools, such as Cellebrite or GrayKey, from illegally accessing a confiscated device and obtaining private information.
There are currently no other details available regarding the security issue, which is consistent with advisories of this type. According to the iPhone manufacturer, enhanced state management fixed the problem.
Apple did, however, admit that it is “aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
The vulnerability was found and reported by security researcher Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School.
The following operating systems and devices are eligible for the update:
| Update | Eligible devices |
| --- | --- |
| iOS 18.3.1 and iPadOS 18.3.1 | iPad Pro 13-inch, iPad Pro 12.9-inch, iPad Pro 11-inch, iPad Air 3rd generation and later, iPad 7th generation and later, iPad mini 5th generation and later, and iPhone XS and later |
| iPadOS 17.7.5 | Second-generation iPad Pro 12.9-inch, first-generation iPad Pro 10.5-inch, and sixth-generation iPad |
The change was made weeks after Cupertino fixed a use-after-free vulnerability in the Core Media component (CVE-2025-24085), which was found to have been exploited against iOS versions before 17.2.
Pegasus Link in this iPhone Data Compromise
Commercial surveillanceware sellers have mostly used zero-days in Apple software as a weapon to install complex applications that can retrieve data from victim devices.
These tools, like Pegasus from NSO Group, are promoted as “technology that saves lives” and as a way to combat severe criminal behavior and solve the so-called “Going Dark” issue, yet they have been abused to spy on civil society members.
Pegasus is not a tool for mass monitoring, according to NSO Group, which has reaffirmed that it is only licensed to “legitimate, vetted intelligence and law enforcement agencies.”
The Israeli corporation stated in its Transparency Report 2024 that it provides services to 54 clients across 31 nations, including 23 law enforcement and 23 intelligence agencies.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.