Multiple vulnerabilities in Apple iOS 18 and iPadOS 18



Risk Critical
Patch available YES
Number of vulnerabilities 33
CVE-ID CVE-2025-24223
CVE-2025-31245
CVE-2025-31234
CVE-2025-31221
CVE-2025-24213
CVE-2025-31223
CVE-2025-31238
CVE-2025-31204
CVE-2025-31228
CVE-2025-31217
CVE-2025-31215
CVE-2025-31206
CVE-2025-31205
CVE-2025-31257
CVE-2025-31227
CVE-2025-31222
CVE-2025-31251
CVE-2025-31233
CVE-2025-31214
CVE-2025-31225
CVE-2025-31212
CVE-2025-31208
CVE-2025-31209
CVE-2025-31239
CVE-2025-31253
CVE-2025-24225
CVE-2025-31210
CVE-2025-31207
CVE-2025-30448
CVE-2025-31226
CVE-2025-31219
CVE-2025-31241
CVE-2024-8176
CWE-ID CWE-119
CWE-284
CWE-190
CWE-843
CWE-862
CWE-20
CWE-200
CWE-264
CWE-319
CWE-371
CWE-125
CWE-416
CWE-451
CWE-415
CWE-121
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Apple iOS
Operating systems & Components / Operating system

iPadOS
Operating systems & Components / Operating system

Vendor Apple Inc.

Security Bulletin

This security bulletin contains information about 33 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU108959

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-24223

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit engine. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU108945

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31245

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions in Pro Res. A local application can cause unexpected system termination.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU108973

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-31234

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Pro Res. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Integer overflow

EUVDB-ID: #VU108975

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-31221

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to integer overflow in Security. A remote attacker can trigger integer overflow and read parts of kernel memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Type confusion

EUVDB-ID: #VU106881

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-24213

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error. A remote attacker can trick the victim into visiting a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU108956

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-31223

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit engine. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU108957

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-31238

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit engine. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU108958

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-31204

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit engine. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Missing Authorization

EUVDB-ID: #VU108992

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31228

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to missing authorization in Notes. An attacker with physical access to device can access notes from the lock screen.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU108954

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31217

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation in WebKit. A remote attacker can trick the victim into opening a specially crafted website and perform an unexpected Safari crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper access control

EUVDB-ID: #VU108952

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31215

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions in WebKit. A remote attacker can trick the victim into opening a specially crafted file and perform an unexpected process crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Type Confusion

EUVDB-ID: #VU108953

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31206

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error within the WebKit engine. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and crash the browser.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Information disclosure

EUVDB-ID: #VU108960

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-31205

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in WebKit engine. A remote attacker can trick the victim into visiting a specially crafted website and exfiltrate data cross-origin.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory corruption

EUVDB-ID: #VU108955

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31257

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in WebKit engine. A remote attacker can trick the victim into opening a specially crafted file and perform an unexpected Safari crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU108993

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31227

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to a login error in Notes. An attacker with physical access to device can access a deleted call recording.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper access control

EUVDB-ID: #VU108942

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31222

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in mDNSResponder. A local user can elevate privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU108964

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31251

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing specially crafted image files in AppleJPEG. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and crash the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Buffer overflow

EUVDB-ID: #VU108966

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-31233

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in CoreMedia when processing video files. A remote attacker can create a specially crafted video file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Cleartext transmission of sensitive information

EUVDB-ID: #VU108986

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-31214

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information in Baseband. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Information disclosure

EUVDB-ID: #VU108987

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31225

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to Call history from deleted apps may still appear in spotlight search results. An attacker with physical access to device can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) State issues

EUVDB-ID: #VU108936

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31212

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a state management issue in Core Bluetooth. A local application can access sensitive user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper access control

EUVDB-ID: #VU108937

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31208

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions in CoreAudio. A remote attacker can trick the victim into opening a specially crafted file and perform an unexpected app termination.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU108938

Risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-31209

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in CoreGraphics. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use after free

EUVDB-ID: #VU108939

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31239

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in CoreMedia. A remote attacker can trick the victim into opening a specially crafted file and perform an unexpected app termination.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Information disclosure

EUVDB-ID: #VU108988

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31253

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in FaceTime. Muting the microphone during a FaceTime call may not result in audio being silenced.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Spoofing attack

EUVDB-ID: #VU108991

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24225

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in Mail Addressing. A remote attacker can trick the victim into opening a specially crafted email address and spoof user interface.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Input validation error

EUVDB-ID: #VU108989

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31210

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in FaceTime. A remote attacker can trick the victim into viewing a specially crafted web content and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Information disclosure

EUVDB-ID: #VU108990

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31207

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in FrontBoard. A local application can enumerate a user's installed apps.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Missing Authorization

EUVDB-ID: #VU108983

Risk: High

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-30448

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to missing authentication. A remote attacker can turn on sharing of an iCloud folder without authentication.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper access control

EUVDB-ID: #VU108940

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-31226

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions in ImageIO. A remote attacker can trick the victim into opening a specially crafted file and perform a denial-of-service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Buffer overflow

EUVDB-ID: #VU108969

Risk: Critical

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red]

CVE-ID: CVE-2025-31219

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing Microsoft Office files. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Double free

EUVDB-ID: #VU108968

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-31241

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the OS kernel. A remote attacker trigger a double free error and crash the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Stack-based buffer overflow

EUVDB-ID: #VU105723

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-8176

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling XML content. A remote attacker can pass specially crafted XML content to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apple iOS: 18.0 22A3354 - 18.4.1 22E252

iPadOS: 18.0 22A3354 - 18.4.1 22E252

CPE2.3 External links

https://support.apple.com/en-us/122404


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###