CERT-In Alerts Apple Users to High-Risk Vulnerabilities
The Indian Computer Emergency Response Team (CERT-In) has issued a critical warning for users of Apple devices, including iPhone, iPad, and Mac. The advisory, dated July 2, 2026, highlights multiple vulnerabilities in Apple’s operating systems that could allow attackers to execute arbitrary code, gain elevated privileges, or cause denial of service. CERT-In has rated the severity as ‘critical’ and urged users to update their devices immediately.
Affected Devices and Software Versions
The vulnerabilities impact a wide range of Apple products. For iPhones, iOS versions prior to 16.6 are affected. iPad users with iPadOS versions earlier than 16.6 are also at risk. Mac users running macOS Ventura before 13.5, macOS Monterey before 12.6.8, and macOS Big Sur before 11.7.9 are vulnerable. Additionally, watchOS versions before 9.6, tvOS before 16.6, and Safari before 16.6 are affected.
Details of the Vulnerabilities
CERT-In’s advisory lists multiple CVEs (Common Vulnerabilities and Exposures) that could be exploited. These include CVE-2026-3500, a memory corruption issue in the kernel that could lead to arbitrary code execution with kernel privileges. Another critical flaw, CVE-2026-3501, exists in WebKit, the browser engine used by Safari, which could be triggered by visiting a malicious website. Apple has acknowledged that these vulnerabilities may have been actively exploited in the wild, according to a statement from the company.
Immediate Action Required
Users are advised to update their devices to the latest software versions as soon as possible. For iPhone and iPad, go to Settings > General > Software Update. Mac users can check System Preferences > Software Update. Apple has released patches for all affected versions. CERT-In emphasizes that delaying updates could leave devices exposed to potential attacks, including data theft, device takeover, or malware installation.
Previous Warnings and Trend
This is not the first time CERT-In has issued a high-severity alert for Apple products. In recent months, similar advisories have been released for zero-day vulnerabilities in iOS and macOS. The frequency of such warnings underscores the importance of regular software updates. According to cybersecurity experts, Apple users should enable automatic updates to ensure they receive patches promptly.
Impact on Users
If exploited, these vulnerabilities could allow attackers to gain full control of a device, access sensitive information, or install malicious software. The impact is particularly severe for users who handle sensitive data, such as corporate executives, government officials, or journalists. The advisory also notes that the vulnerabilities could be used to launch targeted attacks against specific individuals.
Apple’s Response
Apple has released security updates for all affected products and encourages all users to install them. In a support document, the company stated, “This update provides important security fixes and is recommended for all users.” Apple did not provide specific details about the exploitation of the vulnerabilities to avoid tipping off attackers.



