SB2025091757 - Multiple vulnerabilities in Apple iOS 18 and iPadOS 18
Published: September 17, 2025 Updated: November 4, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 13 secuirty vulnerabilities.
1) Memory corruption (CVE-ID: CVE-2025-43346)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in Audio. A local application can trick the victim into opening a specially crafted file and perform unexpected app termination or corrupt process memory.
2) Out-of-bounds write (CVE-ID: CVE-2025-43349)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds write in CoreAudio. A local application can trick the victim into opening a specially crafted file and perform unexpected app termination.
3) Out-of-bounds write (CVE-ID: CVE-2025-43302)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds write in IOHIDFamily. A local application can cause unexpected system termination.
4) State Issues (CVE-ID: CVE-2025-43359)
The vulnerability allows a remote attacker to gain unauthorized access to the system.
The vulnerability exists due to a log error within the OS kernel. A UDP server socket bound to a local interface may become bound to all interfaces exposing services on the Internet.
5) Improper input validation (CVE-ID: CVE-2025-43299)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in libc. A local application can cause a denial-of-service.
6) Improper input validation (CVE-ID: CVE-2025-43295)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in libc. A local application can cause a denial-of-service.
7) Memory corruption (CVE-ID: CVE-2025-43355)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in MobileStorageMounter. A local application can cause a denial-of-service.
8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-43358)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in Shortcuts. A local user can bypass sandbox restrictions.
9) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-43356)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to missing permissions checks. A remote attacker can trick the victim into visiting a specially crafted website and gain access to sensor information without user consent.
10) Improper access control (CVE-ID: CVE-2025-43342)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in WebKit. A remote attacker can trick the victim into opening a specially crafted website and crash the browser.
11) Improper access control (CVE-ID: CVE-2025-43362)
The vulnerability allows a local application to monitor keystrokes.
The vulnerability exists due to improper access restrictions in LaunchServices. A local application can monitor keystrokes without user permission.
12) Use of cache containing sensitive information (CVE-ID: CVE-2025-43203)
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to improper caching in Notes. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note.
13) Improper access control (CVE-ID: CVE-2025-43345)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Kernel. A local application can access sensitive user data.
Remediation
Install update from vendor's website.