Apple on Monday pushed out patches for safety vulnerabilities throughout the macOS, iPhone and iPad software program stack, warning that code-execution bugs that may very well be triggered just by opening a rigged picture, video or web site.
The brand new iOS 18.5 replace, rolled out alongside patches for iPadOS, covers crucial bugs in AppleJPEG and CoreMedia with a serious warning from Cupertino that attackers may craft malicious media information to run arbitrary code with the privileges of the focused app.
The corporate additionally documented severe file-parsing vulnerabilities patched in CoreAudio, CoreGraphics, and ImageIO, every able to crashing apps or leaking knowledge if booby-trapped content material is opened.
The iOS 18.5 replace additionally offers cowl for not less than 9 documented WebKit flaws, some severe sufficient to result in exploits that enable a hostile web site to execute code or crash the Safari browser engine.
The corporate additionally patched a severe ‘mute-button’ flaw in FaceTime that exposes the audio dialog even after muting the microphone.
Beneath the interface, Apple stated iOS 18.5 hardens the kernel in opposition to two memory-corruption points and cleans up a libexpat flaw (CVE-2024-8176) that impacts a broad vary of software program initiatives.
Different notable fixes embody a problem in Baseband (CVE-2025-31214) that permits attackers in a privileged community place to intercept visitors on the brand new iPhone 16e line; a privilege escalation bug in mDNSResponder (CVE-2025-31222); a problem in Notes that expose knowledge from a locked iPhone display; and safety gaps in FrontBoard, iCloud Doc Sharing, and Mail Addressing.
Apple didn’t point out that any of the patched bugs have been exploited within the wildAdvertisement. Scroll to proceed studying.
The iOS 18.5 replace is out there for iPhone XS and later; the companion iPadOS launch covers the iPad Professional (2018 and newer), iPad Air 3, iPad 7, iPad mini 5, and later fashions.
The corporate additionally shipped main updates for macOS Sequoia, macOS Sonoma, macOS Ventura, WatchOS, tvOS and visionOS.
Associated: Apple Quashes Two Zero-Days With iOS, MacOS Patches
Associated: Apple Ships iOS 18.3.2 to Repair Already-Exploited WebKit Flaw
Associated: New iOS Safety Characteristic Reboots Units to Defend Person Knowledge
Associated: Apple Patches 70 Safety Bugs Throughout iOS, macOS
