-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-11-05-2025-1 iOS 18.7.2 and iPadOS 18.7.2
iOS 18.7.2 and iPadOS 18.7.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/125633. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accessibility Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: An app may be able to identify what other apps a user has installed Description: A permissions issue was addressed with additional restrictions. CVE-2025-43442: Zhongcheng Li from IES Red Team of ByteDance App Store Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: An app may be able to fingerprint the user Description: A permissions issue was addressed with additional restrictions. CVE-2025-43444: Zhongcheng Li from IES Red Team of ByteDance Audio Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging Description: A logging issue was addressed with improved data redaction. CVE-2025-43423: Duy Trần (@khanhduytran0) Camera Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: An app may be able to learn information about the current camera view before being granted camera access Description: A logic issue was addressed with improved checks. CVE-2025-43450: Dennis Briner CloudKit Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved validation of symlinks. CVE-2025-43448: Hikerell (Loadshine Lab) CoreText Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2025-43445: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative Find My Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: An app may be able to fingerprint the user Description: A privacy issue was addressed by moving sensitive data. CVE-2025-43507: iisBuri Installer Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: An app may be able to fingerprint the user Description: A permissions issue was addressed with additional restrictions. CVE-2025-43444: Zhongcheng Li from IES Red Team of ByteDance Kernel Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: An app may be able to cause unexpected system termination Description: The issue was addressed with improved memory handling. CVE-2025-43398: Cristian Dinca (icmd.tech) Mail Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: Remote content may be loaded even when the 'Load Remote Images' setting is turned off Description: The issue was addressed by adding additional logic. CVE-2025-43496: Romain Lebesle, Himanshu Bharti @Xpl0itme From Khatima MetricKit Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: An unprivileged process may be able to terminate a root processes Description: A denial-of-service issue was addressed with improved input validation. CVE-2025-43365: Minghao Lin (@Y1nKoc) and Lyutoon (@Lyutoon_) and YingQi Shi (@Mas0n) Model I/O Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2025-43386: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative CVE-2025-43383: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative CVE-2025-43385: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative CVE-2025-43384: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative Model I/O Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: An app may be able to cause a denial-of-service Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2025-43377: BynarIO AI (bynar.io) Notes Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access sensitive user data Description: A privacy issue was addressed by removing the vulnerable code. CVE-2025-43389: Kirin (@Pwnrin) On-device Intelligence Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: An app may be able to fingerprint the user Description: A privacy issue was addressed by removing sensitive data. CVE-2025-43439: Zhongcheng Li from IES Red Team of ByteDance Safari Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: Visiting a malicious website may lead to address bar spoofing Description: The issue was addressed with improved checks. CVE-2025-43493: @RenwaX23 Safari Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: Visiting a malicious website may lead to user interface spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2025-43503: @RenwaX23 Shortcuts Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access sensitive user data Description: This issue was addressed with additional entitlement checks. CVE-2025-43499: an anonymous researcher Siri Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: A device may persistently fail to lock Description: This issue was addressed through improved state management. CVE-2025-43454: Joshua Thomas Siri Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: An app may be able to access protected user data Description: This issue was addressed with improved redaction of sensitive information. CVE-2025-43399: Kirin (@Pwnrin), Cristian Dinca (icmd.tech) Spotlight Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: An attacker with physical access to a locked device may be able to view sensitive user information Description: This issue was addressed by restricting options offered on a locked device. CVE-2025-43418: Dalibor Milanovic WebKit Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A use-after-free issue was addressed with improved memory management. WebKit Bugzilla: 297662 CVE-2025-43438: shandikri working with Trend Micro Zero Day Initiative WebKit Bugzilla: 297958 CVE-2025-43434: Google Big Sleep WebKit Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: This issue was addressed through improved state management. WebKit Bugzilla: 296693 CVE-2025-43458: Phil Beauvoir WebKit Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to memory corruption Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 298093 CVE-2025-43433: Google Big Sleep WebKit Bugzilla: 298194 CVE-2025-43431: Google Big Sleep WebKit Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 298496 CVE-2025-43441: rheza (@ginggilBesel) WebKit Bugzilla: 299391 CVE-2025-43435: Justin Cohen of Google WebKit Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: A buffer overflow was addressed with improved bounds checking. WebKit Bugzilla: 298232 CVE-2025-43429: Google Big Sleep WebKit Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: This issue was addressed with improved checks. WebKit Bugzilla: 299843 CVE-2025-43443: an anonymous researcher WebKit Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: An app may be able to monitor keystrokes without user permission Description: The issue was addressed with improved checks. WebKit Bugzilla: 300095 CVE-2025-43495: Lehan Dilusha Jayasinghe WebKit Canvas Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: A website may exfiltrate image data cross-origin Description: The issue was addressed with improved handling of caches. WebKit Bugzilla: 297566 CVE-2025-43392: Tom Van Goethem Additional recognition Mail We would like to acknowledge an anonymous researcher for their assistance. Shortcuts We would like to acknowledge Andrew James Gonzalez for their assistance. WebKit We would like to acknowledge Enis Maholli (enismaholli.com), Google Big Sleep for their assistance. This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 18.7.2 and iPadOS 18.7.2". All information is also posted on the Apple Security Releases web site: https://support.apple.com/100100. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEhjkl+zMLNwFiCT1o4Ifiq8DH7PUFAmkLowsACgkQ4Ifiq8DH 7PWZ7Q//aUylZ866W9xTJv7+JjVjGfNfJ/E9XcKzutL/pEJ7GPKtOjim4/YJseBI JYo+lpppGV6S+VtRf1tvbS89oTZoeZUwwKDDiBgUpgiSvkgUqz0oonhL0LaSsc6Q 5sNSNFw9hIBXLIMdWJrQRpt/vD0un1pS/F9S7kwDtXOpE5IijRF2xdu1VJGX6L+S Nf+7ckraEU7SRQA2FPUV433lnqLg5qhFKsGF6X7dilBop5XLp3+Zw05ZZUC3XsJ7 xeg3tvbhbqojfLPG/HmSHsWg9JC+CoiZwlfmLc/ExUbslX105mPm3to/2v174RLm ieoJxOUgzj3w8T7DqnTr/V9QgcvElo5ztHvVr1u2oFRSxVdC7ErMmS32rhUxrUS4 mYczHNq+bt0n8WjaajjShEWR63N3DKpZwjDwuYIXohjuuAfuampEsqyAawvmLly8 akmFIGJcJ8NJlG2CptKJMtv62YBjkxXyFFV5l/3V1QPe1/C6Si+OTP2kmRlUMY2Y Z/IyPUUl+z9iEV5pT7p8APFARCNDEDtW95/37U4s7iwJmubxJS+4BfcVW2Ycy5PJ Wwc1j1VF/Ju7iY5aSY6Zx2zvUDK+mK3YZRdLjRKqmYeBUhcifYB2sitg+gvpYL8n 1BGzX3XYdbjEm5W0AaaOIRKQpnMfzFCKWMHkX0gn7vRBMOaAvQs= =/CzB -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
