iPadOS
iPadOS 18.7.3
Official advisory23 CVEs fixed by this release.
- Release date
- 2025-12-12
- End of support
- —
- CVEs fixed
- 23
- CISA KEV
- 2
- Critical
- 0
- High
- 2
- NVD pending
- 19
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2025-14174
KEV
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perfo… |
HIGH 8.8 | KEV | Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a cra… | |
|
CVE-2025-43529
KEV
[Apple WebKit] Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a rep… |
N/A | KEV | [Apple WebKit] Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploi… | |
|
CVE-2025-9086
1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to spea… |
HIGH 7.5 | — | 1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostnam… | |
|
CVE-2024-7264
[Apple curl] Multiple issues in curl |
MEDIUM 6.5 | — | [Apple curl] Multiple issues in curl | |
|
CVE-2025-5918
[Apple libarchive] Processing a file may lead to memory corruption |
LOW 3.9 | — | [Apple libarchive] Processing a file may lead to memory corruption | |
|
CVE-2025-46290
[Apple Security] A remote attacker may be able to cause a denial-of-service |
N/A | — | [Apple Security] A remote attacker may be able to cause a denial-of-service | |
|
CVE-2025-43501
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43512
[Apple Kernel] An app may be able to elevate privileges |
N/A | — | [Apple Kernel] An app may be able to elevate privileges | |
|
CVE-2025-43530
[Apple VoiceOver] An app may be able to access sensitive user data |
N/A | — | [Apple VoiceOver] An app may be able to access sensitive user data | |
|
CVE-2025-43531
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43532
[Apple Foundation] Processing malicious data may lead to unexpected app termination |
N/A | — | [Apple Foundation] Processing malicious data may lead to unexpected app termination | |
|
CVE-2025-43535
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43536
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43538
[Apple Screen Time] An app may be able to access sensitive user data |
N/A | — | [Apple Screen Time] An app may be able to access sensitive user data | |
|
CVE-2025-43539
[Apple AppleJPEG] Processing a file may lead to memory corruption |
N/A | — | [Apple AppleJPEG] Processing a file may lead to memory corruption | |
|
CVE-2025-43541
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-43542
[Apple FaceTime] Password fields may be unintentionally revealed when remotely controlling a device over FaceTime |
N/A | — | [Apple FaceTime] Password fields may be unintentionally revealed when remotely controlling a device over FaceTime | |
|
CVE-2025-46276
[Apple Messages] An app may be able to access sensitive user data |
N/A | — | [Apple Messages] An app may be able to access sensitive user data | |
|
CVE-2025-46279
[Apple Icons] An app may be able to identify what other apps a user has installed |
N/A | — | [Apple Icons] An app may be able to identify what other apps a user has installed | |
|
CVE-2025-46285
[Apple Kernel] An app may be able to gain root privileges |
N/A | — | [Apple Kernel] An app may be able to gain root privileges | |
|
CVE-2025-46287
[Apple Call History] An attacker may be able to spoof their FaceTime caller ID |
N/A | — | [Apple Call History] An attacker may be able to spoof their FaceTime caller ID | |
|
CVE-2025-46292
[Apple Telephony] An app may be able to access user-sensitive data |
N/A | — | [Apple Telephony] An app may be able to access user-sensitive data | |
|
CVE-2025-46311
[Apple Mail] An app may be able to access sensitive user data |
N/A | — | [Apple Mail] An app may be able to access sensitive user data |