Date: 2025-02-07

The Indian Computer Emergency Response Team (CERT-In) has issued an advisory, warning users of iPhone, iPad, Mac, and other Apple devices of critical security vulnerabilities that could let hackers gain access to sensitive user information, including phone numbers, banking details, and passwords. According to the government agency, a part of the Ministry of Electronics and Information Technology, the vulnerabilities exist in old software versions of the iPhone, iPad, Mac, Apple TV, Apple Watch, and even the Vision Pro headset, which is officially unavailable in India. However, the latest updates for each device come with a fix.

CERT-In has identified one of the vulnerabilities, ‘CVE-2025-24085’, as “critical”, underscoring that it has been “actively” exploited in the wild. It is a use-after-free bug in Apple’s Core Media component, which hackers may exploit to “gain elevated privileges on the affected devices.” The other vulnerabilities stem from multiple data handling errors and bugs, per the report.

Categorised as “high risk,” the security flaws affect devices running macOS Sequoia versions prior to 15.3, macOS Sonoma versions before 14.7.3, macOS Ventura versions prior to 13.7.3, iPadOS versions prior to 18.3 and 17.7.4, iOS versions prior to 18.3, tvOS versions before 18.3, watchOS versions prior to 11.3, and visionOS versions before 2.3. Apple’s Safari browser versions before 18.3 are also affected by the vulnerabilities, which CERT-In said also allow malicious actors to “execute arbitrary code, bypass security restrictions, cause denial of service (DoS) conditions, bypass authentication, gain elevated privileges, data manipulation, and perform spoofing attacks on the targeted system.”
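A fleet-inventory check built from the version thresholds listed above, as an added example that is not CERT-In's or Apple's code. The inventory rows, the function names, and the treatment of later major releases as patched are assumptions.

```python
# First fixed version per release branch (major version), transcribed from
# the advisory text above and padded to three components.
FIXED = {
    "macos":    {15: (15, 3, 0), 14: (14, 7, 3), 13: (13, 7, 3)},
    "ipados":   {18: (18, 3, 0), 17: (17, 7, 4)},
    "ios":      {18: (18, 3, 0)},
    "tvos":     {18: (18, 3, 0)},
    "watchos":  {11: (11, 3, 0)},
    "visionos": {2: (2, 3, 0)},
    "safari":   {18: (18, 3, 0)},
}
# The advisory names specific macOS releases only, so older macOS branches
# are reported as "unlisted" rather than guessed at.
NAMED_BRANCHES_ONLY = {"macos"}

def parse(version):
    """'14.7' -> (14, 7, 0), so that 15.3 and 15.3.0 compare equal."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def status(product, version):
    """Return 'patched', 'vulnerable' or 'unlisted' for one product/version."""
    product = product.lower()
    branches = FIXED.get(product)
    if branches is None:
        return "unlisted"
    v = parse(version)
    fixed = branches.get(v[0])
    if fixed is not None:            # same branch: compare to its own fix
        return "patched" if v >= fixed else "vulnerable"
    if v[0] > max(branches):         # assumption: later majors carry the fix
        return "patched"
    if product in NAMED_BRANCHES_ONLY:
        return "unlisted"
    return "vulnerable"              # older branch, below every listed fix

def needs_update(inventory):
    """Hosts whose reported version is below the fix for its branch."""
    return [h for h, p, v in inventory if status(p, v) == "vulnerable"]

# Constructed sample inventory: (host, product, reported version).
INVENTORY = [
    ("mac-01", "macOS", "14.7.3"), ("mac-02", "macOS", "15.2"),
    ("mac-03", "macOS", "12.7.6"), ("ipad-01", "iPadOS", "17.7.4"),
    ("ipad-02", "iPadOS", "16.7.10"), ("phone-01", "iOS", "17.7.2"),
]

if __name__ == "__main__":
    print(needs_update(INVENTORY))
```

The per-branch comparison matters because a Mac on 14.7.3 is patched even though its version is lower than 15.3, while an iPhone on any 17.x release is still below the only iOS fix listed.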