iPadOS
iPadOS 18.3
Official advisory
40 CVEs fixed by this release.
- Release date: 2025-01-27
- End of support: —
- CVEs fixed: 40
- CISA KEV: 1
- Critical: 0
- High: 2
- NVD pending: 38
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
| CVE-2025-24085 | N/A | KEV | | [Apple CoreMedia] A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited agains… |
| CVE-2024-55549 | HIGH 7.8 | — | | xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue |
| CVE-2025-24855 | HIGH 7.8 | — | | numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is… |
| CVE-2025-24111 | N/A | — | | [Apple Display] An app may be able to cause unexpected system termination |
| CVE-2025-24144 | N/A | — | | [Apple Kernel] An app may be able to leak sensitive kernel state |
| CVE-2025-24113 | N/A | — | | [Apple Safari] Visiting a malicious website may lead to user interface spoofing |
| CVE-2025-24126 | N/A | — | | [Apple AirPlay] An attacker on the local network may be able to corrupt process memory |
| CVE-2025-24129 | N/A | — | | [Apple AirPlay] An attacker on the local network may cause an unexpected app termination |
| CVE-2025-24131 | N/A | — | | [Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service |
| CVE-2025-24163 | N/A | — | | [Apple CoreAudio] Parsing a file may lead to an unexpected app termination |
| CVE-2025-24177 | N/A | — | | [Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service |
| CVE-2025-24179 | N/A | — | | [Apple AirPlay] An attacker on the local network may be able to cause a denial-of-service |
| CVE-2025-24086 | N/A | — | | [Apple ImageIO] Processing an image may lead to a denial-of-service |
| CVE-2025-24089 | N/A | — | | [Apple Icons] An app may be able to enumerate a user's installed apps |
| CVE-2025-24090 | N/A | — | | [Apple Icons] An app may be able to enumerate a user's installed apps |
| CVE-2025-24091 | N/A | — | | [Apple Libnotify] An app may be able to cause a denial-of-service |
| CVE-2025-24104 | N/A | — | | [Apple Managed Configuration] Restoring a maliciously crafted backup file may lead to modification of protected system files |
| CVE-2025-24107 | N/A | — | | [Apple Kernel] A malicious app may be able to gain root privileges |
| CVE-2025-24117 | N/A | — | | [Apple LaunchServices] An app may be able to fingerprint the user |
| CVE-2025-24123 | N/A | — | | [Apple CoreMedia] Parsing a file may lead to an unexpected app termination |
| CVE-2025-24124 | N/A | — | | [Apple CoreMedia] Parsing a file may lead to an unexpected app termination |
| CVE-2025-24127 | N/A | — | | [Apple ARKit] Parsing a file may lead to an unexpected app termination |
| CVE-2025-24128 | N/A | — | | [Apple Safari] Visiting a malicious website may lead to address bar spoofing |
| CVE-2025-24137 | N/A | — | | [Apple AirPlay] An attacker on the local network may corrupt process memory |
| CVE-2025-24141 | N/A | — | | [Apple Accessibility] An attacker with physical access to an unlocked device may be able to access Photos while the app is locked |
| CVE-2025-24143 | N/A | — | | [Apple WebKit] A maliciously crafted webpage may be able to fingerprint the user |
| CVE-2025-24145 | N/A | — | | [Apple Time Zone] An app may be able to view a contact's phone number in system logs |
| CVE-2025-24149 | N/A | — | | [Apple SceneKit] Parsing a file may lead to disclosure of user information |
| CVE-2025-24150 | N/A | — | | [Apple WebKit Web Inspector] Copying a URL from Web Inspector may lead to command injection |
| CVE-2025-24154 | N/A | — | | [Apple WebContentFilter] An attacker may be able to cause unexpected system termination or corrupt kernel memory |
| CVE-2025-24158 | N/A | — | | [Apple WebKit] Processing web content may lead to a denial-of-service |
| CVE-2025-24159 | N/A | — | | [Apple Kernel] An app may be able to execute arbitrary code with kernel privileges |
| CVE-2025-24160 | N/A | — | | [Apple CoreAudio] Parsing a file may lead to an unexpected app termination |
| CVE-2025-24161 | N/A | — | | [Apple CoreAudio] Parsing a file may lead to an unexpected app termination |
| CVE-2025-24162 | N/A | — | | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
| CVE-2025-24184 | N/A | — | | [Apple CoreMedia Playback] An app may be able to cause unexpected system termination |
| CVE-2025-24189 | N/A | — | | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |
| CVE-2025-31185 | N/A | — | | [Apple Safari] Photos in the Hidden Photos Album may be viewed without authentication |
| CVE-2025-31262 | N/A | — | | [Apple PackageKit] An app may be able to modify protected parts of the file system |
| CVE-2024-9956 | N/A | — | | Chromium: CVE-2024-9956 Inappropriate implementation in Web Authentication |