Security Alert: CERT-In Issues Warning About Critical Vulnerabilities in iOS and Android Devices

The Indian Computer Emergency Response Team (CERT-In) has released two advisory notes regarding security vulnerabilities affecting devices that operate on Android, iOS, and iPadOS. The first advisory addresses a denial of service (DoS) vulnerability that impacts both iPhone and iPad models utilizing the latest versions of iOS and iPadOS. The second advisory identifies several vulnerabilities concerning Android devices that might enable malicious individuals to gain unauthorized access to these devices. In both instances, users are urged to take necessary precautions to protect their smartphones and tablets.

Android and iOS Devices at Risk of DoS Attacks Without Updates

CERT-In mentions in vulnerability note CIVN-2025-0092 that there exist multiple vulnerabilities within the Android operating system which could be exploited by attackers to execute harmful code on a user’s device and access data remotely. Additionally, after acquiring elevated privileges, malicious users may launch a DoS attack on the device.

According to CERT-In, these vulnerabilities impact smartphones operating on Android 13, Android 14, and Android 15. This indicates that millions of smartphones utilizing these Android versions are at risk of compromise if the necessary security patches are not applied.

To ensure safety, users need to install the latest Android security updates that were released in May. CERT-In advises that smartphones that have received the May 1 security patches will be shielded from these vulnerabilities. However, users may have to wait until their respective smartphone manufacturers provide these patches, while owners of Google Pixel devices with automatic updates should already have protection.

On the other hand, CERT-In’s CIVN-2025-0094 note indicates that iPhone models operating on versions older than iOS 18.3, or iPad models utilizing versions prior to iPadOS 18.3 (including iPadOS 17.7.3 on older models), are vulnerable to a DoS threat.

The agency cautions that users with these outdated versions may face the risk of their devices becoming «unresponsive or non-functional» if they encounter malicious software that can disable their functionality. Should they be affected by a DoS attack, users may need to restore their devices.

CERT-In asserts that users who have upgraded to iOS 18.3, iPadOS 18.3, and iPadOS 17.7.3 should be safeguarded against the DoS vulnerabilities. Since iOS 18.3 was launched in January, it is likely that many users have already upgraded their devices. Some may even be using iOS 18.5, which was released earlier this week.