Message from Apple security saying that my iPad has been hacked

You have encountered a Scam. Apple will never contact you to inform you malware infection or other security issue purportedly affecting your device(s). Simply close the browser tab, or if received via email or other messaging platform, delete the message - ensuring that the message has also been deleted from Trash/Bin.

See >>> Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support

If you are unsure of the source or provenance of a message or alert, do not respond to, or engage with, the message. Certainly do not, under any circumstances, attempt to contact anyone using the contact details that may have been provided within the message itself. If you need to verify a message from Apple, make independent contact with Apple Support.

Most scam alerts are designed to scare the unwary into giving away sensitive information - or to fool you into doing something that you shouldn’t - usually to defraud you financially.

If you suspect that your AppleID has been compromised, follow the advice outlined here:

If you think your Apple ID has been compromised - Apple Support

Threat & Vulnerability

Providing your iPad has been kept up-to-date with system software updates, you should not be unduly concerned for your iPad being directly compromised by malware. Due to the system architecture of iOS/iPadOS, unless jailbroken, your iPad is not susceptible to traditional malware infection per-se. However, as with all computer systems, there are still vulnerabilities and exploits to which you remain vulnerable.

For older devices, no longer benefiting from security updates, the risk of an unpatched vulnerability being exploited increases. Regardless of the installed version of iPadOS, there are useful mitigations that can be used to significantly reduce your exposure to risk.

Mitigation

The majority of threats to which you will be exposed surface via web pages or embedded links within email or messaging platforms. Browser-based attacks can be largely mitigated by installing a good Content/Ad-blocking product. One of the most respected within the Apple App Store - designed for Apple devices - is 1Blocker for Safari.

https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024

1Blocker is highly configurable - and crucially does not rely upon an external proxy-service of dubious provenance, often utilised by so-called AntiVirus products intended for iOS/iPadOS. Instead, all processing by 1Blocker takes place on your device - and contrary to expectations, Safari will run faster and more efficiently.

Unwanted content is not simply filtered after download (a technique used by inferior products), but instead undesirable embedded content is blocked. The 1Blocker product creates a ruleset that is actually processed by Safari. 1Blocker has also introduced its new “Firewall” functions - that are explicitly designed to block “trackers” and will augment existing protection built-in to iPadOS. Being implemented at the network-layer, this additional protection works across all Apps. Recent updates to 1Blocker has introduced additional network extensions, extending protection to other Apps.

A further step to improve protection from exploits is to use a security focussed DNS Service in preference to automatic DNS settings. This can either be set on a per-device basis in Settings, or can be set-up on your home Router - and in so doing extends the benefit of this specific protection to other devices on your local network. I suggest using one of the following DNS services - for which IPv4 and IPv6 server addresses are listed:

Quad9 (recommended)

9.9.9.9

149.112.112.112

2620:fe::fe

2620:fe::9

OpenDNS

208.67.222.222

208.67.220.220

2620:119:35::35

2620:119:53::53

Cloudflare

1.1.1.1

1.0.0.1

2606:4700:4700::1111

2606:4700:4700::1001

Use of the above DNS services will help to shield you from “known bad” websites and URLs - and when used alongside 1Blocker, or other reputable Content Blocker, provides defence in depth.

There are advanced techniques to further “harden” iOS/iPadOS (such as using DoH, DoT and DNSSEC); while fully and effectively supported by iOS/iPadOS, Apple doesn’t expose this capability via device settings - but there are easy ways to access this functionality. Aside from installing a device-profile from a external device-management system, a really easy way to set and manage DoH/DoT settings is to use a third-party utility App - DNSecure:

https://apps.apple.com/app/dnsecure/id1533413232

This App does exactly what is needed to effectively configure DoH/DoT - and is free to download and install. Many DNS providers are already preconfigured - including Quad9 and Cloudflare. Additional secure DNS providers can be added if required.

That’s not from Apple.

It is a scam designed to scare you into downloading useless software or steal data.

Ignore it, stop going to websites that serve those ads or install an ad blocker.