APPLE-SA-12-12-2025-1 iOS 26.2 and iPadOS 26.2

iOS 26.2 and iPadOS 26.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/125884.

Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories.

App Store
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive payment tokens
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-46288: floeki, Zhongcheng Li from IES Red Team of ByteDance

AppleJPEG
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing a file may lead to memory corruption
Description: The issue was addressed with improved bounds checks.
CVE-2025-43539: Michael Reeves (@IntegralPilot)

Calling Framework
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An attacker may be able to spoof their FaceTime caller ID
Description: An inconsistent user interface issue was addressed with improved state management.
CVE-2025-46287: an anonymous researcher, Riley Walz

curl
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Multiple issues in curl
Description: This is a vulnerability in open source code and Apple Software is among the affected projects.
The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-7264
CVE-2025-9086

FaceTime
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Password fields may be unintentionally revealed when remotely controlling a device over FaceTime
Description: This issue was addressed with improved state management.
CVE-2025-43542: Yiğit Ocak

Foundation
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to inappropriately access files through the spellcheck API
Description: A logic issue was addressed with improved checks.
CVE-2025-43518: Noah Gregory (wts.dev)

Foundation
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing malicious data may lead to unexpected app termination
Description: A memory corruption issue was addressed with improved bounds checking.
CVE-2025-43532: Andrew Calvano and Lucas Pinheiro of Meta Product Security

Icons
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to identify what other apps a user has installed
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-46279: Duy Trần (@khanhduytran0)

Kernel
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to gain root privileges
Description: An integer overflow was addressed by adopting 64-bit timestamps.
CVE-2025-46285: Kaitao Xie and Xiaolong Bai of Alibaba Group

libarchive
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing a file may lead to memory corruption
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-5918

MediaExperience
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access user-sensitive data
Description: A logging issue was addressed with improved data redaction.
CVE-2025-43475: Rosyna Keller of Totally Not Malicious Software

Messages
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: An information disclosure issue was addressed with improved privacy controls.
CVE-2025-46276: Rosyna Keller of Totally Not Malicious Software

Multi-Touch
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A malicious HID device may cause an unexpected process crash
Description: Multiple memory corruption issues were addressed with improved input validation.
CVE-2025-43533: Google Threat Analysis Group

Photos
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Photos in the Hidden Photos Album may be viewed without authentication
Description: A configuration issue was addressed with additional restrictions.
CVE-2025-43428: an anonymous researcher, Michael Schmutzer of Technische Hochschule Ingolstadt

Screen Time
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access a user’s Safari history
Description: A logging issue was addressed with improved data redaction.
CVE-2025-46277: Kirin (@Pwnrin)

Screen Time
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2025-43538: Iván Savransky

Telephony
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed with additional entitlement checks.
CVE-2025-46292: Rosyna Keller of Totally Not Malicious Software

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: A type confusion issue was addressed with improved state handling.
WebKit Bugzilla: 301257
CVE-2025-43541: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 301726
CVE-2025-43536: Nan Wang (@eternalsakura13)

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 300774
WebKit Bugzilla: 301338
CVE-2025-43535: Google Big Sleep, Nan Wang (@eternalsakura13)

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A buffer overflow issue was addressed with improved memory handling.
WebKit Bugzilla: 301371
CVE-2025-43501: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A race condition was addressed with improved state handling.
WebKit Bugzilla: 301940
CVE-2025-43531: Phil Pizlo of Epic Games

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 302502
CVE-2025-43529: Google Threat Analysis Group

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-43529 was also issued in response to this report.
Description: A memory corruption issue was addressed with improved validation.
WebKit Bugzilla: 303614
CVE-2025-14174: Apple and Google Threat Analysis Group

WebKit Web Inspector
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 300926
CVE-2025-43511: 이동하 (Lee Dong Ha of BoB 14th)

Additional recognition

AppleMobileFileIntegrity
We would like to acknowledge an anonymous researcher for their assistance.

AppSandbox
We would like to acknowledge Mickey Jin (@patch1t) for their assistance.

Core Services
We would like to acknowledge Golden Helm Securities for their assistance.

Safari
We would like to acknowledge Mochammad Nosa Shandy Prastyo for their assistance.

Siri
We would like to acknowledge Richard Hyunho Im (@richeeta) at Route Zero Security (routezero.security) for their assistance.

WebKit
We would like to acknowledge Geva Nurgandi Syahputra (gevakun) for their assistance.

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "iOS 26.2 and iPadOS 26.2".

All information is also posted on the Apple Security Releases web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
