This document describes the security content of iOS 26 and iPadOS 26.
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
Released September 15, 2025
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2025-43344: an anonymous researcher
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43317: Mickey Jin (@patch1t)
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2025-43346: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2025-43354: Csaba Fitzl (@theevilbit) of Kandji
CVE-2025-43303: Csaba Fitzl (@theevilbit) of Kandji
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to fingerprint the user
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-43357: Rosyna Keller of Totally Not Malicious Software, Guilherme Rambo of Best Buddy Apps (rambo.codes)
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted video file may lead to unexpected app termination
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2025-43349: @zlluny working with Trend Micro Zero Day Initiative
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: The issue was addressed with improved input validation.
CVE-2025-43372: 이동하 (Lee Dong Ha) of SSA Lab
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2025-43302: Keisuke Hosoda
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state management.
CVE-2025-31255: Csaba Fitzl (@theevilbit) of Kandji
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A UDP server socket bound to a local interface may become bound to all interfaces
Description: A logic issue was addressed with improved state management.
CVE-2025-43359: Viktor Oreshkin
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to monitor keystrokes without user permission
Description: The issue was addressed with improved checks.
CVE-2025-43362: Philipp Baldauf
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause a denial-of-service
Description: A type confusion issue was addressed with improved memory handling.
CVE-2025-43355: Dawuge of Shuffle Team
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note
Description: The issue was addressed with improved handling of caches.
CVE-2025-43203: Tom Brzezinski
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to unexpected URL redirection
Description: This issue was addressed with improved URL validation.
CVE-2025-31254: Evan Waelde
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43329: an anonymous researcher
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A shortcut may be able to bypass sandbox restrictions
Description: A permissions issue was addressed with additional sandbox restrictions.
CVE-2025-43358: 정답이 아닌 해답
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Private Browsing tabs may be accessed without authentication
Description: This issue was addressed through improved state management.
CVE-2025-30468: Richard Hyunho Im (@richeeta)
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2025-43190: Noah Gregory (wts.dev)
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing a file may lead to memory corruption
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-6965
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An input validation issue was addressed
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-43347: JZ, Seo Hyun-gyu (@wh1te4ever), Luke Roberts (@rookuu)
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Keyboard suggestions may display sensitive information on the lock screen
Description: This issue was addressed by restricting options offered on a locked device.
CVE-2025-24133: Joey Hewitt, an anonymous researcher, Thomas Salomon, Sufiyan Gouri (TU Darmstadt), Phil Scott (@MrPeriPeri) & Richard Hyunho Im (@richeeta), Mark Bowers, Dylan Rollins, Arthur Baudoin, Andr.Ess
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A website may be able to access sensor information without user consent
Description: The issue was addressed with improved handling of caches.
WebKit Bugzilla: 296153
CVE-2025-43356: Jaydev Ahire
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 294550
CVE-2025-43272: Big Bear
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 296490
CVE-2025-43343: an anonymous researcher
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A correctness issue was addressed with improved checks.
WebKit Bugzilla: 296042
CVE-2025-43342: an anonymous researcher
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 296276
CVE-2025-43368: Pawel Wylecial of REDTEAM.PL working with Trend Micro Zero Day Initiative
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from C-DAC Thiruvananthapuram India, Himanshu Bharti @Xpl0itme From Khatima for their assistance.
We would like to acknowledge Lehan Dilusha Jayasingha, 要乐奈 for their assistance.
We would like to acknowledge Rosyna Keller of Totally Not Malicious Software for their assistance.
We would like to acknowledge Keisuke Chinone (Iroiro) for their assistance.
We would like to acknowledge Descartes, Yusuf Kelany, an anonymous researcher for their assistance.
We would like to acknowledge Christian Kohlschütter for their assistance.
We would like to acknowledge Yinyi Wu (@_3ndy1) from Dawn Security Lab of JD.com, Inc for their assistance.
We would like to acknowledge Damitha Gunawardena for their assistance.
We would like to acknowledge Noah Gregory (wts.dev) for their assistance.
We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.
We would like to acknowledge an anonymous researcher for their assistance.
We would like to acknowledge Tyler Montgomery for their assistance.
We would like to acknowledge Csaba Fitzl (@theevilbit) of Kandji for their assistance.
We would like to acknowledge Dawuge of Shuffle Team, Hikerell (Loadshine Lab), Joshua Jones, YingQi Shi (@Mas0nShi) and ChengQiang Jin (@白斩鸡) of DBAppSecurity's WeBin lab for their assistance.
We would like to acknowledge DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) in Enki WhiteHat for their assistance.
We would like to acknowledge Wang Yu of Cyberserval for their assistance.
We would like to acknowledge Yepeng Pan, Prof. Dr. Christian Rossow for their assistance.
We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.
We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.
We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.
We would like to acknowledge Jonathan Thach, Pyrophoria and Ethan Day, kado for their assistance.
We would like to acknowledge Barrett Lyon for their assistance.
We would like to acknowledge Dora Orak for their assistance.
We would like to acknowledge Dragon Fruit Security (Davis Dai & ORAC落云 & Frank Du) for their assistance.
We would like to acknowledge Csaba Fitzl (@theevilbit) of Kandji for their assistance.
We would like to acknowledge Atul R V for their assistance.
We would like to acknowledge Christian Kohlschütter for their assistance.
We would like to acknowledge Dalibor Milanovic for their assistance.
We would like to acknowledge Ameen Basha M K, Chi Yuan Chang of ZUSO ART and taikosoup, Dalibor Milanovic, HitmanAlharbi (@HitmanF15), Jake Derouin (jakederouin.com), Jaydev Ahire, Kenneth Chew for their assistance.
We would like to acknowledge Rosyna Keller of Totally Not Malicious Software for their assistance.
We would like to acknowledge Jatayu Holznagel (@jholznagel), THANSEER KP for their assistance.
We would like to acknowledge Edwin R. for their assistance.
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from Safran Mumbai India, Amandeep Singh Banga, Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/andrew-goldberg-/), Dalibor Milanovic, M. Aman Shahid (@amansmughal) for their assistance.
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from C-DAC Thiruvananthapuram India for their assistance.
We would like to acknowledge Christian Scalese, Jake Derouin (jakederouin.com) for their assistance.
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from Safran Mumbai India, Dalibor Milanovic, Jonathan Thach for their assistance.
We would like to acknowledge Wojciech Regula of SecuRing (wojciechregula.blog), 要乐奈 for their assistance.
We would like to acknowledge Muhaned Almoghira for their assistance.
We would like to acknowledge Bob Lord, Matthew Liang, Mike Cardwell of grepular.com, Stanley Lee Linton for their assistance.
We would like to acknowledge Aobo Wang (@M4x_1997), Csaba Fitzl (@theevilbit) of Kandji, Noah Gregory (wts.dev), Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher for their assistance.
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from Safran Mumbai India for their assistance.