iPadOS
iPadOS 18.6
Official advisory32 CVEs fixed by this release.
- Release date
- 2025-07-29
- End of support
- —
- CVEs fixed
- 32
- CISA KEV
- 2
- Critical
- 0
- High
- 2
- NVD pending
- 29
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2025-31277
KEV
[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |
N/A | KEV | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2025-6558
KEV
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | KEV | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-6965
[Apple SQLite] Processing a file may lead to memory corruption |
HIGH 9.8 | — | [Apple SQLite] Processing a file may lead to memory corruption | |
|
CVE-2025-7425
[Apple libxml2] Processing a file may lead to memory corruption |
HIGH 7.8 | — | [Apple libxml2] Processing a file may lead to memory corruption | |
|
CVE-2025-7424
[Apple libxslt] Processing maliciously crafted web content may lead to memory corruption |
MEDIUM 7.3 | — | [Apple libxslt] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2025-43277
[Apple CoreAudio] Processing a maliciously crafted audio file may lead to memory corruption |
N/A | — | [Apple CoreAudio] Processing a maliciously crafted audio file may lead to memory corruption | |
|
CVE-2025-31229
[Apple Accessibility] Passcode may be read aloud by VoiceOver |
N/A | — | [Apple Accessibility] Passcode may be read aloud by VoiceOver | |
|
CVE-2025-31273
[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2025-31276
[Apple Mail Drafts] Remote content may be loaded even when the 'Load Remote Images' setting is turned off |
N/A | — | [Apple Mail Drafts] Remote content may be loaded even when the 'Load Remote Images' setting is turned off | |
|
CVE-2025-31278
[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2025-31281
[Apple Model I/O] Processing a maliciously crafted file may lead to unexpected app termination |
N/A | — | [Apple Model I/O] Processing a maliciously crafted file may lead to unexpected app termination | |
|
CVE-2025-43186
[Apple afclip] Parsing a file may lead to an unexpected app termination |
N/A | — | [Apple afclip] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-43202
[Apple libnetcore] Processing a file may lead to memory corruption |
N/A | — | [Apple libnetcore] Processing a file may lead to memory corruption | |
|
CVE-2025-43209
[Apple ICU] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple ICU] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-43210
[Apple CoreMedia] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple CoreMedia] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43211
[Apple WebKit] Processing web content may lead to a denial-of-service |
N/A | — | [Apple WebKit] Processing web content may lead to a denial-of-service | |
|
CVE-2025-43212
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-43213
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-43214
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-43216
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-43217
[Apple Accessibility] Privacy Indicators for microphone or camera access may not be correctly displayed |
N/A | — | [Apple Accessibility] Privacy Indicators for microphone or camera access may not be correctly displayed | |
|
CVE-2025-43221
[Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43223
[Apple CFNetwork] A non-privileged user may be able to modify restricted network settings |
N/A | — | [Apple CFNetwork] A non-privileged user may be able to modify restricted network settings | |
|
CVE-2025-43224
[Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43226
[Apple ImageIO] Processing a maliciously crafted image may result in disclosure of process memory |
N/A | — | [Apple ImageIO] Processing a maliciously crafted image may result in disclosure of process memory | |
|
CVE-2025-43227
[Apple WebKit] Processing maliciously crafted web content may disclose sensitive user information |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may disclose sensitive user information | |
|
CVE-2025-43228
[Apple WebKit] Visiting a malicious website may lead to address bar spoofing |
N/A | — | [Apple WebKit] Visiting a malicious website may lead to address bar spoofing | |
|
CVE-2025-43230
[Apple CoreMedia Playback] An app may be able to access user-sensitive data |
N/A | — | [Apple CoreMedia Playback] An app may be able to access user-sensitive data | |
|
CVE-2025-43234
[Apple Metal] Processing a maliciously crafted texture may lead to unexpected app termination |
N/A | — | [Apple Metal] Processing a maliciously crafted texture may lead to unexpected app termination | |
|
CVE-2025-43265
[Apple WebKit] Processing maliciously crafted web content may disclose internal states of the app |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may disclose internal states of the app | |
|
CVE-2025-43280
[Apple Mail Drafts] Forwarding an email could display remote images in Mail in Lockdown Mode |
N/A | — | [Apple Mail Drafts] Forwarding an email could display remote images in Mail in Lockdown Mode | |
|
CVE-2025-43282
[Apple Kernel] An app may be able to cause unexpected system termination |
N/A | — | [Apple Kernel] An app may be able to cause unexpected system termination |