iOS
iOS 18.7
Official advisory13 CVEs fixed by this release.
- Release date
- 2025-09-15
- End of support
- —
- CVEs fixed
- 13
- CISA KEV
- 0
- Critical
- 0
- High
- 0
- NVD pending
- 13
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2025-43203
[Apple Notes] An attacker with physical access to an unlocked device may be able to view an image in the most recently … |
N/A | — | [Apple Notes] An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note | |
|
CVE-2025-43295
[Apple libc] An app may be able to cause a denial-of-service |
N/A | — | [Apple libc] An app may be able to cause a denial-of-service | |
|
CVE-2025-43299
[Apple libc] An app may be able to cause a denial-of-service |
N/A | — | [Apple libc] An app may be able to cause a denial-of-service | |
|
CVE-2025-43302
[Apple IOHIDFamily] An app may be able to cause unexpected system termination |
N/A | — | [Apple IOHIDFamily] An app may be able to cause unexpected system termination | |
|
CVE-2025-43342
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43345
[Apple Kernel] An app may be able to access sensitive user data |
N/A | — | [Apple Kernel] An app may be able to access sensitive user data | |
|
CVE-2025-43346
[Apple Audio] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process mem… |
N/A | — | [Apple Audio] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43349
[Apple CoreAudio] Processing a maliciously crafted video file may lead to unexpected app termination |
N/A | — | [Apple CoreAudio] Processing a maliciously crafted video file may lead to unexpected app termination | |
|
CVE-2025-43355
[Apple MobileStorageMounter] An app may be able to cause a denial-of-service |
N/A | — | [Apple MobileStorageMounter] An app may be able to cause a denial-of-service | |
|
CVE-2025-43356
[Apple WebKit] A website may be able to access sensor information without user consent |
N/A | — | [Apple WebKit] A website may be able to access sensor information without user consent | |
|
CVE-2025-43358
[Apple Shortcuts] A shortcut may be able to bypass sandbox restrictions |
N/A | — | [Apple Shortcuts] A shortcut may be able to bypass sandbox restrictions | |
|
CVE-2025-43359
[Apple Kernel] A UDP server socket bound to a local interface may become bound to all interfaces |
N/A | — | [Apple Kernel] A UDP server socket bound to a local interface may become bound to all interfaces | |
|
CVE-2025-43362
[Apple LaunchServices] An app may be able to monitor keystrokes without user permission |
N/A | — | [Apple LaunchServices] An app may be able to monitor keystrokes without user permission |