The Indian Computer Emergency Response Team (CERT-In) has issued two vulnerability notes warning users of security flaws affecting devices running on Android, iOS, and iPadOS. The first one refers to a denial of service (DoS) vulnerability affecting iPhone and iPad models running on recent versions of iOS and iPadOS. The second note highlights multiple flaws impacting Android devices that could allow malicious users to gain unauthorised access to a device. In both cases, users have been advised to take appropriate action to safeguard their smartphones and tablets.
Android, iOS Are Devices Susceptible to DoS Attacks Without Updates
CERT-In states in vulnerability note CIVN-2025-0092 that there are several flaws affecting the Android operating system that could be used by an attacker to run dangerous code on a user’s device, and access data remotely. Malicious users could also perform a DoS attack on the device, after gaining elevated privileges.
These vulnerabilities affect smartphones running on Android 13, Android 14, and Android 15, according to CERT-In. This effectively means that millions of smartphones that are running on these versions of Android are vulnerable to their devices being compromised unless the relevant security patches are installed on their device.
In order to remain safe, users must install the latest Android security patches that were rolled out to devices in May. CERT-In says that smartphones with the latest May 1 security patches will be protected from these security flaws. However, users might have to wait until these patches are made available by smartphone OEMs, while Google Pixel owners with automatic updates should already be protected.
On the other hand, CERT-In’s CIVN-2025-0094 note states that iPhone models running on software that was released before iOS 18.3, or iPad models running on iPadOS 18.3 (and iPadOS 17.7.3 on older models) are susceptible to a DoS vulnerability.
The agency warns that users who are running on these older versions are at risk of becoming “unresponsive or non-functional” if they run malicious applications that can render them inoperable. Users will need to restore these devices if they are impacted by the DoS attack.
CERT-In says that users who have updated to iOS 18.3, iPadOS 18.3, and iPadOS 17.7.3 should remain protected from the DoS vulnerability. Considering that iOS 18.3 was released in January, many users should already have this version on their phones and tablets. They might also be running on iOS 18.5, which was released earlier this week.
