| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 34 |
| CVE-ID | CVE-2025-43433 CVE-2025-43454 CVE-2025-43399 CVE-2025-43438 CVE-2025-43434 CVE-2025-43458 CVE-2025-43431 CVE-2025-43503 CVE-2025-43441 CVE-2025-43435 CVE-2025-43429 CVE-2025-43443 CVE-2025-43495 CVE-2025-43392 CVE-2025-43499 CVE-2025-43493 CVE-2025-43442 CVE-2025-43398 CVE-2025-43444 CVE-2025-43423 CVE-2025-43450 CVE-2025-43448 CVE-2025-43445 CVE-2025-43507 CVE-2025-43496 CVE-2025-43439 CVE-2025-43365 CVE-2025-43386 CVE-2025-43383 CVE-2025-43385 CVE-2025-43384 CVE-2025-43377 CVE-2025-43389 CVE-2025-43418 |
| CWE-ID | CWE-119 CWE-371 CWE-200 CWE-416 CWE-20 CWE-451 CWE-254 CWE-284 CWE-532 CWE-59 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software | iPadOS (Operating systems & Components / Operating system), Apple iOS (Operating systems & Components / Operating system) |
| Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains information about 34 vulnerabilities.
EUVDB-ID: #VU117966
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-43433
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118068
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43454
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
Description
The vulnerability allows an attacker to gain unauthorized access to the device.
The vulnerability exists due to a state issue in Siri where a device may persistently fail to lock. An attacker with physical access to the device can compromise it.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118030
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43399
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
Description
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to excessive data output in Siri. A local application can access protected user data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU117963
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-43438
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in WebKit. A remote attacker can trick the victim into visiting a specially crafted website and crash the browser.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118040
Risk: Medium
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-43434
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in WebKit. A remote attacker can trick the victim into opening a specially crafted file and cause an unexpected Safari crash.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU117956
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43458
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in WebKit. A remote attacker can trick the victim into opening a specially crafted web page and crash the browser.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU117968
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-43431
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118045
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-43503
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can trick the victim into visiting a specially crafted website and spoof the user interface.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU117959
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43441
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and crash the browser.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU117960
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43435
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and crash the browser.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU117969
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43429
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and crash the browser.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU117958
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43443
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in WebKit. A remote attacker can trick the victim into visiting a specially crafted web page and crash the browser.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118073
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43495
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
Description
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper checks in WebKit. A local application can monitor keystrokes without user permission.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU117971
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-43392
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to incorrect handling of cached data in WebKit Canvas. A remote attacker can trick the victim into visiting a specially crafted website and exfiltrate data cross-origin.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118027
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43499
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Shortcuts. A local application can access sensitive user data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118044
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-43493
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can trick the victim into clicking on a specially crafted URL and spoof the browser's address bar.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118061
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43442
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in the Accessibility feature. A local application can identify installed apps on the device.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118006
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43398
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in Kernel. A local application can cause unexpected system termination.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118049
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43444
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
Description
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to excessive data output by the Installer application. A malicious local application can fingerprint the user.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU117986
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43423
CWE-ID:
CWE-532 - Information Exposure Through Log Files
Exploit availability: No
Description
The vulnerability allows an attacker with physical access to the system to gain access to sensitive information.
The vulnerability exists due to inclusion of sensitive information into a log file in Audio. An attacker with physical access to the system can view sensitive user information in system logging.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118065
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43450
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
Description
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper checks in Camera. A local application can learn information about the current camera view before being granted camera access.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU117989
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43448
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
Description
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insecure symbolic link following in CloudKit. A local application can break out of its sandbox.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU117995
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43445
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation in CoreText. A local application can trick the victim into opening a specially crafted file and cause unexpected app termination or corrupt process memory.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118048
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43507
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
Description
The vulnerability allows a local application to fingerprint the user.
The vulnerability exists due to excessive data output by the Find My application. A local application can fingerprint the user.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118050
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-43496
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing logic in Mail Drafts when working with email messages. A remote attacker can force the application to load remote content even when the 'Load Remote Images' setting is turned off.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118067
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43439
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
Description
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to an error within On-device Intelligence. A local application can fingerprint the user.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118084
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43365
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in MetricKit. A local unprivileged process can terminate root processes.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118009
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43386
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in Model I/O. A local application can trick the victim into opening a specially crafted file and cause unexpected app termination or corrupt process memory.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118012
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43383
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in Model I/O. A local application can trick the victim into opening a specially crafted file and cause unexpected app termination or corrupt process memory.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118010
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43385
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in Model I/O. A local application can trick the victim into opening a specially crafted file and cause unexpected app termination or corrupt process memory.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118011
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43384
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in Model I/O. A local application can trick the victim into opening a specially crafted file and cause unexpected app termination or corrupt process memory.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118013
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43377
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in Model I/O. A local application can cause a denial of service.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118014
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43389
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insufficient input validation in Notes. A local application can access sensitive user data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU118129
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-43418
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
Description
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to excessive data output in Spotlight. An attacker with physical access to a locked device may be able to view sensitive user information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
iPadOS: 18.0 22A3354 - 18.7.1 22H31
Apple iOS: 18.0 22A3354 - 18.7.1 22H31
External links
https://support.apple.com/en-us/125633
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.