iPadOS
iPadOS 18.7.2
Official advisory38 CVEs fixed by this release.
- Release date
- 2025-11-05
- End of support
- —
- CVEs fixed
- 38
- CISA KEV
- 2
- Critical
- 0
- High
- 0
- NVD pending
- 38
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2025-43510
KEV
[Apple Kernel] A malicious application may cause unexpected changes in memory shared between processes |
N/A | KEV | [Apple Kernel] A malicious application may cause unexpected changes in memory shared between processes | |
|
CVE-2025-43520
KEV
[Apple Kernel] A malicious application may be able to cause unexpected system termination or write kernel memory |
N/A | KEV | [Apple Kernel] A malicious application may be able to cause unexpected system termination or write kernel memory | |
|
CVE-2025-43511
[Apple WebKit Web Inspector] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit Web Inspector] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43365
[Apple MetricKit] An unprivileged process may be able to terminate a root processes |
N/A | — | [Apple MetricKit] An unprivileged process may be able to terminate a root processes | |
|
CVE-2025-43377
[Apple Model I/O] An app may be able to cause a denial-of-service |
N/A | — | [Apple Model I/O] An app may be able to cause a denial-of-service | |
|
CVE-2025-43383
[Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43384
[Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43385
[Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43386
[Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43389
[Apple Notes] An app may be able to access sensitive user data |
N/A | — | [Apple Notes] An app may be able to access sensitive user data | |
|
CVE-2025-43392
[Apple WebKit Canvas] A website may exfiltrate image data cross-origin |
N/A | — | [Apple WebKit Canvas] A website may exfiltrate image data cross-origin | |
|
CVE-2025-43398
[Apple Kernel] An app may be able to cause unexpected system termination |
N/A | — | [Apple Kernel] An app may be able to cause unexpected system termination | |
|
CVE-2025-43399
[Apple Siri] An app may be able to access protected user data |
N/A | — | [Apple Siri] An app may be able to access protected user data | |
|
CVE-2025-43418
[Apple Spotlight] An attacker with physical access to a locked device may be able to view sensitive user information |
N/A | — | [Apple Spotlight] An attacker with physical access to a locked device may be able to view sensitive user information | |
|
CVE-2025-43423
[Apple Audio] An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive us… |
N/A | — | [Apple Audio] An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging | |
|
CVE-2025-43429
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43431
[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2025-43433
[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2025-43434
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-43435
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43438
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-43439
[Apple On-device Intelligence] An app may be able to fingerprint the user |
N/A | — | [Apple On-device Intelligence] An app may be able to fingerprint the user | |
|
CVE-2025-43441
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43442
[Apple Accessibility] An app may be able to identify what other apps a user has installed |
N/A | — | [Apple Accessibility] An app may be able to identify what other apps a user has installed | |
|
CVE-2025-43443
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43444
[Apple Installer] An app may be able to fingerprint the user |
N/A | — | [Apple Installer] An app may be able to fingerprint the user | |
|
CVE-2025-43445
[Apple CoreText] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process … |
N/A | — | [Apple CoreText] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43448
[Apple CloudKit] An app may be able to break out of its sandbox |
N/A | — | [Apple CloudKit] An app may be able to break out of its sandbox | |
|
CVE-2025-43450
[Apple Camera] An app may be able to learn information about the current camera view before being granted camera access |
N/A | — | [Apple Camera] An app may be able to learn information about the current camera view before being granted camera access | |
|
CVE-2025-43454
[Apple Siri] A device may persistently fail to lock |
N/A | — | [Apple Siri] A device may persistently fail to lock | |
|
CVE-2025-43458
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43493
[Apple Safari] Visiting a malicious website may lead to address bar spoofing |
N/A | — | [Apple Safari] Visiting a malicious website may lead to address bar spoofing | |
|
CVE-2025-43494
[Apple Mail] An attacker may be able to cause a persistent denial-of-service |
N/A | — | [Apple Mail] An attacker may be able to cause a persistent denial-of-service | |
|
CVE-2025-43495
[Apple WebKit] An app may be able to monitor keystrokes without user permission |
N/A | — | [Apple WebKit] An app may be able to monitor keystrokes without user permission | |
|
CVE-2025-43496
[Apple Mail] Remote content may be loaded even when the 'Load Remote Images' setting is turned off |
N/A | — | [Apple Mail] Remote content may be loaded even when the 'Load Remote Images' setting is turned off | |
|
CVE-2025-43499
[Apple Shortcuts] An app may be able to access sensitive user data |
N/A | — | [Apple Shortcuts] An app may be able to access sensitive user data | |
|
CVE-2025-43503
[Apple Safari] Visiting a malicious website may lead to user interface spoofing |
N/A | — | [Apple Safari] Visiting a malicious website may lead to user interface spoofing | |
|
CVE-2025-43507
[Apple Find My] An app may be able to fingerprint the user |
N/A | — | [Apple Find My] An app may be able to fingerprint the user |