The Indian Computer Emergency Response Team (CERT-In), the national nodal agency for responding to computer security incidents, issued a high-severity advisory on March 29, 2026, regarding multiple vulnerabilities within the Apple product ecosystem. The warning highlights critical flaws that could enable remote attackers to compromise devices, execute arbitrary code, and gain unauthorized access to sensitive user information.
According to the advisory, the security gaps affect a wide range of Apple software, including iOS, iPadOS, macOS, watchOS, tvOS, and the Safari web browser. Technical analysis by CERT-In identified 85 distinct vulnerabilities across these platforms. The flaws are primarily located in core system components such as the Kernel, WebKit, RTKit, and various system frameworks like PackageKit and AppleMobileFileIntegrity.
The vulnerabilities stem from various technical issues, including improper memory handling, buffer overflows, and insufficient validation of user-supplied input. One of the most critical flaws, tracked as CVE-2026-28858, involves a remote user being able to cause unexpected system termination or corrupt kernel memory. Another significant vulnerability in the WebKit engine, the framework that powers Safari, could allow maliciously crafted web content to bypass the Same Origin Policy (SOP), potentially leading to cross-site scripting attacks and the theft of session tokens or login credentials.
The scope of the advisory is extensive. Affected software versions include iOS and iPadOS versions prior to 26.4, macOS Tahoe versions prior to 26.4, and macOS Sequoia versions prior to 15.7.5. The warning also extends to Apple Watch users on watchOS versions earlier than 26.4 and Apple Vision Pro users running visionOS versions prior to 26.4. CERT-In noted that hardware including the iPhone 11 and later, and various iPad Pro models, is specifically at risk if it has not been updated to the latest firmware.
Attackers can exploit these vulnerabilities by persuading a user to visit a compromised website or open a maliciously crafted file. Once exploited, these flaws allow for Remote Code Execution (RCE), where an attacker can run commands on the device with elevated privileges, effectively bypassing the operating system's sandbox protections. This could result in the exfiltration of private data, the installation of persistent malware, or a complete system crash.
In its official communication, CERT-In urged all Apple users in India to apply the necessary security patches immediately. Apple has released a comprehensive set of updates to address these issues, including iOS 26.4 and macOS Tahoe 26.4. The agency emphasized that keeping software up to date is the most effective mitigation strategy against these exploits. While no specific count of affected users in India was provided, the agency warned that some of these vulnerabilities might be targeted in sophisticated, localized attacks.
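For administrators triaging a device fleet against the version thresholds quoted above, the following is an added example and not part of the CERT-In advisory or any Apple tooling. The inventory rows and hostnames are constructed, and any platform or macOS branch for which this article states no fixed version (tvOS, Safari, older macOS releases) is reported as `unknown` rather than guessed.

```python
import re

# First fixed versions as quoted in the article. Anything older is affected.
SINGLE_BRANCH = {"ios": (26, 4), "ipados": (26, 4),
                 "watchos": (26, 4), "visionos": (26, 4)}
# macOS has two patched branches, selected by major version (Sequoia 15, Tahoe 26).
MACOS_BRANCHES = {15: (15, 7, 5), 26: (26, 4)}

def parse_version(text):
    """'26.3.1' -> (26, 3, 1); None if the string is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        return None
    return tuple(int(part) for part in text.split("."))

def _pad(version, width=4):
    # Pad so that 26.4 and 26.4.0 compare equal instead of 26.4 < 26.4.0.
    return version + (0,) * (width - len(version))

def classify(platform, version):
    """Return 'affected', 'patched' or 'unknown' for one device."""
    key = platform.strip().lower()
    ver = parse_version(version)
    if ver is None:
        return "unknown"            # malformed version string in the inventory
    if key == "macos":
        fixed = MACOS_BRANCHES.get(ver[0])
    else:
        fixed = SINGLE_BRANCH.get(key)
    if fixed is None:
        return "unknown"            # no threshold stated for this platform/branch
    return "affected" if _pad(ver) < _pad(fixed) else "patched"

def triage(inventory):
    """Group hostnames by status so 'unknown' devices get manual review."""
    report = {"affected": [], "patched": [], "unknown": []}
    for host, platform, version in inventory:
        report[classify(platform, version)].append(host)
    return report

# Constructed sample inventory: (hostname, platform, reported OS version).
SAMPLE_INVENTORY = [
    ("iphone-014", "iOS", "26.3.1"), ("ipad-002", "iPadOS", "26.4"),
    ("mbp-107", "macOS", "15.7.4"), ("mbp-221", "macOS", "15.7.5"),
    ("imac-009", "macOS", "26.4.0"), ("mini-003", "macOS", "14.8"),
    ("watch-031", "watchOS", "11.6"), ("atv-004", "tvOS", "26.3"),
    ("vp-001", "visionOS", "26.4b"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9s} {', '.join(hosts)}")
```

Devices in the `unknown` group should be checked against the full advisory, since the thresholds for those platforms are not given in this summary.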