The Indian government has issued a critical cybersecurity warning for millions of iPhone users, urging them to immediately update their devices. The Indian Computer Emergency Response Team (CERT-In), the country's main cybersecurity agency, flagged multiple high-severity vulnerabilities across Apple's ecosystem that could expose sensitive data or allow attackers to take control of devices. This urgent advisory, released around March 26, 2026, emphasizes that delaying updates puts users at significant risk of cyberattacks.[republicworld+2]
Urgent Action Needed for Apple Devices
CERT-In, operating under the Ministry of Electronics and Information Technology, classified these flaws as "critical," indicating a high likelihood of exploitation if devices remain unpatched. The vulnerabilities affect a wide range of Apple products, including iPhones, iPads, Macs, Apple Watches, Apple tvOS, VisionOS, and even developer tools like Xcode. Users running older software versions are particularly vulnerable, as these systems lack the latest security fixes designed to counter known exploits.[republicworld+5]
The government agency's advisory clearly states that these vulnerabilities could allow attackers to execute arbitrary code, gain elevated privileges, access sensitive information, bypass security restrictions, or cause denial-of-service attacks on affected devices. In some cases, simply visiting a malicious website or opening a compromised file could trigger an attack, leading to data theft, malware propagation, or complete system compromise.[timesofindia+5]
Affected Software Versions and Risks
The alert specifically targets devices running older versions of Apple's operating systems and applications. For iPhones and iPads, versions prior to iOS 26.4 and iPadOS 18.7.7 or 26.4 are at risk. Mac users with macOS Tahoe prior to 26.4, macOS Sequoia prior to 15.7.5, and macOS Sonoma prior to 14.8.5 also need to update. Additionally, Safari versions prior to 26.4, watchOS, tvOS, and visionOS versions before 26.4, and Xcode versions prior to 26.4 are impacted.[gizbot+8]
These flaws affect core system components such as the Kernel, WebKit, CoreAnimation, and Siri across various devices. Exploiting these weaknesses could allow hackers to run commands on a device without the user's knowledge, gain deeper system access, or make the device unstable. The risks are not theoretical; CERT-In has consistently highlighted the severity of these issues.[timesofindia+4]
CERT-In's Role in Cybersecurity
CERT-In serves as India's national agency for responding to computer security incidents. Its role involves collecting, analyzing, and disseminating information on cyber incidents, as well as issuing advisories and vulnerability notes to help users and organizations protect themselves. Over the past year, CERT-In has frequently flagged vulnerabilities in Apple's products, underscoring the ongoing nature of cyber threats.[republicworld+2]
In December 2025, CERT-In issued a similar warning about multiple vulnerabilities in Apple's iPhone, Mac, and iPad devices, which could allow attackers to execute arbitrary code or gain elevated privileges. Another high-risk alert was issued in February 2026 for Apple and Google Chrome users, urging immediate software updates to prevent hacking and data theft. These repeated advisories highlight the continuous efforts required to maintain digital security.[business-standard+2]
How to Protect Your Devices
The government's recommendation is clear and straightforward: users must immediately update their Apple devices to the latest available software versions. These updates contain crucial patches that address the reported vulnerabilities and include security fixes across all affected operating systems and apps.[republicworld+2]
To update, iPhone and iPad users should go to "Settings," then "General," and tap "Software Update". Mac users can find updates under "System Settings," then "General," followed by "Software Update". Apple Watch owners should use the Watch app on their iPhone to check for new versions. For other Apple devices like Apple TV and Vision Pro, users should navigate to the relevant system settings to find software update options.[gizbot+3]
Beyond immediate updates, CERT-In advises several additional safety measures. Users should enable automatic updates to ensure they receive patches promptly. It is also crucial to download apps only from reliable sources, such as official app stores, and to avoid clicking on unknown or suspicious links, especially those received via messages or emails. Regularly backing up important data to cloud services or external drives is also recommended, as this helps restore information if a device is compromised or damaged. Using strong, unique passwords and enabling two-factor authentication for iCloud accounts and other online services further enhances security.[timesofindia+7]
Cybersecurity experts emphasize that digital safety relies not just on technical updates but also on user vigilance. Installing apps from untrusted sources or conducting sensitive transactions on public Wi-Fi networks can increase risks. CERT-In stresses that timely updates and careful online behavior are essential for Apple users across India. Ignoring these technical vulnerabilities can threaten personal data and potentially impact national cybersecurity.[the420+4]
Broader Cybersecurity Context
The frequent alerts from CERT-In reflect a growing landscape of cyber threats targeting individuals and organizations in India. As more personal and financial activities move online, the importance of robust cybersecurity practices becomes even more critical. While Apple products are often perceived to have strong security, the presence of these multiple vulnerabilities highlights that no system is entirely risk-free.[thesouthindiatimes]
The government's proactive warnings aim to empower users with the knowledge and tools to protect themselves against sophisticated cyberattacks. By following these advisories, Indian iPhone users can significantly reduce their exposure to potential data breaches and device compromises.
The need for vigilance has never been greater. Users are urged to monitor their device's security settings closely and report any suspicious activity or potential hacking incidents to the relevant authorities and banking institutions. Staying informed and taking prompt action are the best defenses against evolving cyber threats.[the420+1]
