About the security content of iOS 18 and iPadOS 18

This document describes the security content of iOS 18 and iPadOS 18.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

iOS 18 and iPadOS 18

Released September 16, 2024

Accessibility

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An attacker with physical access may be able to use Siri to access sensitive user data

Description: This issue was addressed through improved state management.

CVE-2024-40840: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India

Accessibility

Impact: An app may be able to enumerate a user's installed apps

Description: This issue was addressed with improved data protection.

CVE-2024-40830: Chloe Surett

Accessibility

Impact: An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features

Description: This issue was addressed through improved state management.

CVE-2024-44171: Jake Derouin

Accessibility

Impact: An attacker may be able to see recent photos without authentication in Assistive Access

Description: This issue was addressed by restricting options offered on a locked device.

CVE-2024-40852: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India

ARKit

Impact: Processing a maliciously crafted file may lead to heap corruption

Description: The issue was addressed with improved checks.

CVE-2024-44126: Holger Fuhrmannek

Entry added October 28, 2024

Cellular

Impact: A remote attacker may be able to cause a denial-of-service

Description: This issue was addressed through improved state management.

CVE-2024-27874: Tuan D. Hoang

Compression

Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files

Description: A race condition was addressed with improved locking.

CVE-2024-27876: Snoolie Keffaber (@0xilis)

Control Center

Impact: An app may be able to record the screen without an indicator

Description: The issue was addressed with improved checks.

CVE-2024-27869: an anonymous researcher

Core Bluetooth

Impact: A malicious Bluetooth input device may bypass pairing

Description: This issue was addressed through improved state management.

CVE-2024-44124: Daniele Antonioli

FileProvider

Impact: An app may be able to access sensitive user data

Description: This issue was addressed with improved validation of symlinks.

CVE-2024-44131: @08Tc3wBB of Jamf

Game Center

Impact: An app may be able to access user-sensitive data

Description: A file access issue was addressed with improved input validation.

CVE-2024-40850: Denis Tokarev (@illusionofcha0s)

ImageIO

Impact: Processing a maliciously crafted file may lead to unexpected app termination

Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2024-27880: Junsung Lee

ImageIO

Impact: Processing an image may lead to a denial-of-service

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro Zero Day Initiative and an anonymous researcher

IOSurfaceAccelerator

Impact: An app may be able to cause unexpected system termination

Description: The issue was addressed with improved memory handling.

CVE-2024-44169: Antonio Zekić

Kernel

Impact: Network traffic may leak outside a VPN tunnel

Description: A logic issue was addressed with improved checks.

CVE-2024-44165: Andrew Lytvynov

Kernel

Impact: An app may gain unauthorized access to Bluetooth

Description: This issue was addressed through improved state management.

CVE-2024-44191: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven (@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy Vanhoef

libxml2

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: An integer overflow was addressed through improved input validation.

CVE-2024-44198: OSS-Fuzz, Ned Williamson of Google Project Zero

Mail Accounts

Impact: An app may be able to access information about a user's contacts

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2024-40791: Rodolphe BRUNETTI (@eisw0lf)

mDNSResponder

Impact: An app may be able to cause a denial-of-service

Description: A logic error was addressed with improved error handling.

CVE-2024-44183: Olivier Levon

Model I/O

Impact: Processing a maliciously crafted image may lead to a denial-of-service

Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.

CVE-2023-5841

NetworkExtension

Impact: An app may gain unauthorized access to Local Network

Description: This issue was addressed through improved state management.

CVE-2024-44147: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven (@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy Vanhoef

Notes

Impact: An app may be able to overwrite arbitrary files

Description: This issue was addressed by removing the vulnerable code.

CVE-2024-44167: ajajfxhj

Passwords

Impact: Password autofill may fill in passwords after failing authentication

Description: A permissions issue was addressed by removing vulnerable code and adding additional checks.

CVE-2024-44217: Bistrit Dahal, an anonymous researcher, Joshua Keller

Entry added October 28, 2024

Printing

Impact: An unencrypted document may be written to a temporary file when using print preview

Description: A privacy issue was addressed with improved handling of files.

CVE-2024-40826: an anonymous researcher

Safari

Impact: Maliciously crafted web content may violate iframe sandboxing policy

Description: A custom URL scheme handling issue was addressed with improved input validation.

CVE-2024-44155: Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India)

Entry added October 28, 2024

Safari Private Browsing

Impact: Private Browsing tabs may be accessed without authentication

Description: An authentication issue was addressed with improved state management.

CVE-2024-44202: Kenneth Chew

Safari Private Browsing

Impact: Private Browsing tabs may be accessed without authentication

Description: This issue was addressed through improved state management.

CVE-2024-44127: Anamika Adhikari

Sandbox

Impact: An app may be able to leak sensitive user information

Description: This issue was addressed with improved data protection.

CVE-2024-40863: Csaba Fitzl (@theevilbit) of Kandji

Entry updated October 28, 2024

SceneKit

Impact: Processing a maliciously crafted file may lead to unexpected app termination

Description: A buffer overflow was addressed with improved size validation.

CVE-2024-44144: 냥냥

Entry added October 28, 2024

Security

Impact: A malicious app with root privileges may be able to access keyboard input and location information without user consent

Description: A permissions issue was addressed with additional restrictions.

CVE-2024-44123: Wojciech Regula of SecuRing (wojciechregula.blog)

Entry added October 28, 2024

Sidecar

Available for: iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An attacker with physical access to a macOS device with Sidecar enabled may be able to bypass the Lock Screen

Description: This issue was addressed through improved state management.

CVE-2024-44145: Om Kothawade of Zaprico Digital, Omar A. Alanis from the UNTHSC College of Pharmacy

Entry added October 28, 2024

Siri

Impact: An attacker may be able to use Siri to enable Auto-Answer Calls

Description: This issue was addressed by restricting options offered on a locked device.

CVE-2024-40853: Chi Yuan Chang of ZUSO ART and taikosoup

Entry added October 28, 2024

Siri

Impact: An attacker with physical access may be able to access contacts from the lock screen

Description: The issue was addressed with improved checks.

CVE-2024-44139: Srijan Poudel

CVE-2024-44180: Bistrit Dahal

Siri

Impact: An app may be able to access user-sensitive data

Description: A privacy issue was addressed by moving sensitive data to a more secure location.

CVE-2024-44170: K宝, LFY (@secsys), Smi1e, yulige, Cristian Dinca (icmd.tech), Rodolphe BRUNETTI (@eisw0lf)

Transparency

Impact: An app may be able to access user-sensitive data

Description: A permissions issue was addressed with additional restrictions.

CVE-2024-44184: Bohdan Stasiuk (@Bohdan_Stasiuk)

UIKit

Impact: An attacker may be able to cause unexpected app termination

Description: The issue was addressed with improved bounds checks.

CVE-2024-27879: Justin Cohen

WebKit

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: This issue was addressed through improved state management.

WebKit Bugzilla: 268724

CVE-2024-40857: Ron Masas

WebKit

Impact: A malicious website may exfiltrate data cross-origin

Description: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins.

WebKit Bugzilla: 279452

CVE-2024-44187: Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India)

Wi-Fi

Impact: An attacker may be able to force a device to disconnect from a secure network

Description: An integrity issue was addressed with Beacon Protection.

CVE-2024-40856: Domien Schepers

Additional recognition

Core Bluetooth

We would like to acknowledge Nicholas C. of Onymos Inc. (onymos.com) for their assistance.

Foundation

We would like to acknowledge Ostorlab for their assistance.

Installer

We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India, Chi Yuan Chang of ZUSO ART and taikosoup, Christian Scalese, Ishan Boda, Shane Gallagher for their assistance.

Entry updated October 28, 2024

Kernel

We would like to acknowledge Braxton Anderson, Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik, Fakhri Zulkifli (@d0lph1n98) of PixiePoint Security for their assistance.

Magnifier

We would like to acknowledge Andr.Ess for their assistance.

Maps

We would like to acknowledge Kirin (@Pwnrin) for their assistance.

Messages

We would like to acknowledge Chi Yuan Chang of ZUSO ART and taikosoup for their assistance.

MobileLockdown

We would like to acknowledge Andr.Ess for their assistance.

Notifications

We would like to acknowledge an anonymous researcher for their assistance.

Passwords

We would like to acknowledge Richard Hyunho Im (@r1cheeta) for their assistance.

Photos

We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India, Harsh Tyagi, Kenneth Chew, Leandro Chaves, Saurabh Kumar from Technocrat Institute of Technology Bhopal, Shibin B Shaji, Vishnu Prasad P G, UST, Yusuf Kelany for their assistance.

Safari

We would like to acknowledge Hafiizh and YoKo Kho (@yokoacc) of HakTrak, James Lee (@Windowsrcer) for their assistance.

Shortcuts

We would like to acknowledge Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania, Jacob Braun, an anonymous researcher for their assistance.

Siri

We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India, Rohan Paudel, an anonymous researcher for their assistance.

Entry updated October 28, 2024

Spotlight

We would like to acknowledge Paulo Henrique Batista Rosa de Castro (@paulohbrc) for their assistance.

Entry added October 28, 2024

Status Bar

We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India, Jacob Braun for their assistance.

TCC

We would like to acknowledge Vaibhav Prajapati for their assistance.

UIKit

We would like to acknowledge Andr.Ess for their assistance.

Voice Memos

We would like to acknowledge Lisa B for their assistance.

WebKit

We would like to acknowledge Avi Lumelsky of Oligo Security, Uri Katz of Oligo Security, Braylon (@softwarescool), Eli Grey (eligrey.com), Johan Carlsson (joaxcar), Numan Türle - Rıza Sabuncu for their assistance.

Entry updated October 28, 2024

Wi-Fi

We would like to acknowledge Antonio Zekic (@antoniozekic) and ant4g0nist, Tim Michaud (@TimGMichaud) of Moveworks.ai for their assistance.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Publicēšanas datums: 2024. gada 28. oktobris