Multiple vulnerabilities in Apple iOS 18 and iPadOS 18



| Updated: 2025-11-04
Risk Medium
Patch available YES
Number of vulnerabilities 13
CVE-ID CVE-2025-43346
CVE-2025-43349
CVE-2025-43302
CVE-2025-43359
CVE-2025-43299
CVE-2025-43295
CVE-2025-43355
CVE-2025-43358
CVE-2025-43356
CVE-2025-43342
CVE-2025-43362
CVE-2025-43203
CVE-2025-43345
CWE-ID CWE-119
CWE-787
CWE-371
CWE-20
CWE-264
CWE-284
CWE-524
Exploitation vector Network
Public exploit N/A
Vulnerable software
 iPadOS
Operating systems & Components / Operating system

Apple iOS
Operating systems & Components / Operating system

Vendor Apple Inc.

Security Bulletin

This security bulletin contains information about 13 vulnerabilities.

1) Memory corruption

EUVDB-ID: #VU115296

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-43346

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in Audio. A local application can trick the victim into opening a specially crafted file and perform unexpected app termination or corrupt process memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 18.0 22A3354 - 18.6.2 22G100

Apple iOS: 18.0 22A3354 - 18.6.2 22G100

CPE2.3 External links

https://support.apple.com/en-us/125109


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU115260

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-43349

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds write in CoreAudio. A local application can trick the victim into opening a specially crafted file and perform unexpected app termination.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 18.0 22A3354 - 18.6.2 22G100

Apple iOS: 18.0 22A3354 - 18.6.2 22G100

CPE2.3 External links

https://support.apple.com/en-us/125109


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds write

EUVDB-ID: #VU115265

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-43302

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds write in IOHIDFamily. A local application can cause unexpected system termination.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 18.0 22A3354 - 18.6.2 22G100

Apple iOS: 18.0 22A3354 - 18.6.2 22G100

CPE2.3 External links

https://support.apple.com/en-us/125109


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) State Issues

EUVDB-ID: #VU115335

Risk: Medium

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-43359

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to the system.

The vulnerability exists due to a log error within the OS kernel. A UDP server socket bound to a local interface may become bound to all interfaces exposing services on the Internet. 

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 18.0 22A3354 - 18.6.2 22G100

Apple iOS: 18.0 22A3354 - 18.6.2 22G100

CPE2.3 External links

https://support.apple.com/en-us/125109


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU115268

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-43299

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation in libc. A local application can cause a denial-of-service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 18.0 22A3354 - 18.6.2 22G100

Apple iOS: 18.0 22A3354 - 18.6.2 22G100

CPE2.3 External links

https://support.apple.com/en-us/125109


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU115269

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-43295

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation in libc. A local application can cause a denial-of-service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 18.0 22A3354 - 18.6.2 22G100

Apple iOS: 18.0 22A3354 - 18.6.2 22G100

CPE2.3 External links

https://support.apple.com/en-us/125109


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory corruption

EUVDB-ID: #VU115273

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-43355

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in MobileStorageMounter. A local application can cause a denial-of-service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 18.0 22A3354 - 18.6.2 22G100

Apple iOS: 18.0 22A3354 - 18.6.2 22G100

CPE2.3 External links

https://support.apple.com/en-us/125109


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU115339

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:U/U:Clear]

CVE-ID: CVE-2025-43358

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions in Shortcuts. A local user can bypass sandbox restrictions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 18.0 22A3354 - 18.6.2 22G100

Apple iOS: 18.0 22A3354 - 18.6.2 22G100

CPE2.3 External links

https://support.apple.com/en-us/125109


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU115579

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-43356

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to missing permissions checks. A remote attacker can trick the victim into visiting a specially crafted website and gain access to sensor information without user consent.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 18.0 22A3354 - 18.6.2 22G100

Apple iOS: 18.0 22A3354 - 18.6.2 22G100

CPE2.3 External links

https://support.apple.com/en-us/125109


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper access control

EUVDB-ID: #VU115325

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-43342

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions in WebKit. A remote attacker can trick the victim into opening a specially crafted website and crash the browser.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 18.0 22A3354 - 18.6.2 22G100

Apple iOS: 18.0 22A3354 - 18.6.2 22G100

CPE2.3 External links

https://support.apple.com/en-us/125109


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper access control

EUVDB-ID: #VU115716

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-43362

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to monitor keystrokes.

The vulnerability exists due to improper access restrictions in LaunchServices. A local application can monitor keystrokes without user permission.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 18.0 22A3354 - 18.6.2 22G100

Apple iOS: 18.0 22A3354 - 18.6.2 22G100

CPE2.3 External links

https://support.apple.com/en-us/125109


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use of cache containing sensitive information

EUVDB-ID: #VU115717

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-43203

CWE-ID: CWE-524 - Use of Cache Containing Sensitive Information

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to improper caching in Notes. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 18.0 22A3354 - 18.6.2 22G100

Apple iOS: 18.0 22A3354 - 18.6.2 22G100

CPE2.3 External links

https://support.apple.com/en-us/125109


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper access control

EUVDB-ID: #VU118076

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-43345

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in Kernel. A local application can access sensitive user data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

iPadOS: 18.0 22A3354 - 18.6.2 22G100

Apple iOS: 18.0 22A3354 - 18.6.2 22G100

CPE2.3 External links

https://support.apple.com/en-us/125109


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###