The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning for Apple users, highlighting a critical flaw in older versions of iOS and iPadOS that could render devices unresponsive. The advisory emphasizes immediate software updates to mitigate the threat.
The vulnerability, found in older versions of Apple’s iOS and iPadOS, allows malicious applications to exploit Darwin notifications, a core component of Apple’s system-level architecture.
Darwin notifications are part of CoreOS, the underlying layer of Apple’s operating system that enables communication between system processes. According to CERT-In, the flaw permits any application, without privileged access, to broadcast sensitive system-level notifications. This could allow threat actors to freeze or disable devices entirely, rendering them unresponsive until restored manually.
The vulnerability impacts a wide range of Apple devices still running outdated software. CERT-In’s bulletin specifically identifies:
• iPhones running iOS versions prior to 18.3 (iPhone XS and later)
• iPads running iPadOS versions prior to 17.7.3, such as:
  • iPad Pro 12.9-inch (2nd gen)
  • iPad Pro 10.5-inch
  • iPad 6th generation
• iPads running iPadOS versions prior to 18.3, including:
  • iPad Pro 13-inch
  • iPad Pro 12.9-inch (3rd gen and later)
  • iPad Pro 11-inch (1st gen and later)
  • iPad Air (3rd gen and later)
  • iPad 7th gen and later
  • iPad mini (5th gen and later)
Users of these devices have been advised to urgently check for software updates and install the latest patches provided by Apple. Failure to update could expose devices to rogue applications that take advantage of the exploit.
This is not the first time CERT-In has flagged Apple products. As the national cybersecurity agency under the Ministry of Electronics and IT, CERT-In plays a pivotal role in identifying software vulnerabilities, especially in widely used consumer technology.
The agency’s proactive stance comes amid a growing global emphasis on mobile device security, especially as smartphones and tablets serve as primary computing platforms for millions. With more users conducting financial transactions, storing personal data, and accessing enterprise systems through mobile devices, vulnerabilities at the CoreOS level present a particularly alarming risk.
The advisory aligns with Apple’s own security guidance; Apple recently addressed the issue in a patch released as part of iOS 18.3 and iPadOS 18.3.