The Indian Computer Emergency Response Team (CERT-In) has released two vulnerability advisories alerting users to significant security issues affecting devices that run on Android, iOS, and iPadOS. The first advisory addresses a denial of service (DoS) vulnerability impacting iPhones and iPads operating on the latest versions of iOS and iPadOS. The second advisory points to a series of flaws that could potentially allow unauthorized access to Android devices by malicious actors. Users are urged to take necessary precautions to protect their smartphones and tablets.
Android and iOS Devices at Risk of DoS Attacks
In vulnerability note CIVN-2025-0092, CERT-In indicates that several vulnerabilities exist within the Android operating system, which could be exploited to execute harmful code and access user data remotely. Attackers may also initiate a DoS attack after obtaining elevated privileges on the device.
The vulnerabilities identified specifically affect smartphones operating on Android 13, Android 14, and Android 15, putting millions of devices at risk unless users apply the necessary security patches.
To enhance their security, users should install the latest Android security patches distributed in May. According to CERT-In, devices with the May 1 security patches are safeguarded against these vulnerabilities. However, the availability of these patches depends on smartphone original equipment manufacturers (OEMs), while Google Pixel users with automatic updates are likely already secure.
In the second advisory, CERT-In’s CIVN-2025-0094 states that iPhones running on versions prior to iOS 18.3 and iPads with iPadOS 18.3 or iPadOS 17.7.3 (for older models) are vulnerable to a DoS threat.
The agency cautions that users operating on these outdated versions risk their devices becoming “unresponsive or non-functional” if they run malicious applications capable of rendering the devices inoperative. Users affected by a DoS attack will need to restore their devices.
CERT-In confirms that users who have updated to iOS 18.3, iPadOS 18.3, and iPadOS 17.7.3 should be protected from the identified DoS vulnerability. Many users, having received iOS 18.3 since its release in January, may already have it installed on their devices, with some even using iOS 18.5, which was released earlier this week.
