About the security content of iOS 18.7 and iPadOS 18.7

This document describes the security content of iOS 18.7 and iPadOS 18.7.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

iOS 18.7 and iPadOS 18.7

Audio

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2025-43346: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

CoreAudio

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted video file may lead to unexpected app termination

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2025-43349: @zlluny working with Trend Micro Zero Day Initiative

IOHIDFamily

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to cause unexpected system termination

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2025-43302: Keisuke Hosoda

Kernel

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: A UDP server socket bound to a local interface may become bound to all interfaces

Description: A logic issue was addressed with improved state management.

CVE-2025-43359: Viktor Oreshkin

LaunchServices

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to monitor keystrokes without user permission

Description: The issue was addressed with improved checks.

CVE-2025-43362: Philipp Baldauf

libc

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to cause a denial-of-service

Description: A denial-of-service issue was addressed with improved validation.

CVE-2025-43299: Nathaniel Oh (@calysteon)

CVE-2025-43295: Nathaniel Oh (@calysteon)

MobileStorageMounter

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to cause a denial-of-service

Description: A type confusion issue was addressed with improved memory handling.

CVE-2025-43355: Dawuge of Shuffle Team

Notes

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note

Description: The issue was addressed with improved handling of caches.

CVE-2025-43203: Tom Brzezinski

Shortcuts

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: A shortcut may be able to bypass sandbox restrictions

Description: A permissions issue was addressed with additional sandbox restrictions.

CVE-2025-43358: 정답이 아닌 해답

WebKit

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: A website may be able to access sensor information without user consent

Description: The issue was addressed with improved handling of caches.

CVE-2025-43356: Jaydev Ahire

WebKit

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: A correctness issue was addressed with improved checks.

CVE-2025-43342: an anonymous researcher

Additional recognition

IOGPUFamily

We would like to acknowledge Wang Yu of Cyberserval for their assistance.

libpthread

We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.

libxml2

We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.

Lockdown Mode

We would like to acknowledge Pyrophoria and Ethan Day, kado for their assistance.

Wi-Fi

We would like to acknowledge Csaba Fitzl (@theevilbit) of Kandji, Noah Gregory (wts.dev), Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher for their assistance.