iPadOS
iPadOS 26.1
Official advisory62 CVEs fixed by this release.
- Release date
- 2025-11-03
- End of support
- —
- CVEs fixed
- 62
- CISA KEV
- 2
- Critical
- 0
- High
- 0
- NVD pending
- 61
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2025-43510
KEV
[Apple Kernel] A malicious application may cause unexpected changes in memory shared between processes |
N/A | KEV | [Apple Kernel] A malicious application may cause unexpected changes in memory shared between processes | |
|
CVE-2025-43520
KEV
[Apple Kernel] A malicious application may be able to cause unexpected system termination or write kernel memory |
N/A | KEV | [Apple Kernel] A malicious application may be able to cause unexpected system termination or write kernel memory | |
|
CVE-2025-46316
An out-of-bounds read was addressed with improved input validation. This issue is fixed in Pages 15.1, iOS 26.1 and iPa… |
MEDIUM 4.3 | — | An out-of-bounds read was addressed with improved input validation. This issue is fixed in Pages 15.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. Processing a… | |
|
CVE-2025-43383
[Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43384
[Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43385
[Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43386
[Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple Model I/O] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43389
[Apple Notes] An app may be able to access sensitive user data |
N/A | — | [Apple Notes] An app may be able to access sensitive user data | |
|
CVE-2025-43392
[Apple WebKit Canvas] A website may exfiltrate image data cross-origin |
N/A | — | [Apple WebKit Canvas] A website may exfiltrate image data cross-origin | |
|
CVE-2025-43398
[Apple Kernel] An app may be able to cause unexpected system termination |
N/A | — | [Apple Kernel] An app may be able to cause unexpected system termination | |
|
CVE-2025-43418
[Apple Spotlight] An attacker with physical access to a locked device may be able to view sensitive user information |
N/A | — | [Apple Spotlight] An attacker with physical access to a locked device may be able to view sensitive user information | |
|
CVE-2025-43423
[Apple Audio] An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive us… |
N/A | — | [Apple Audio] An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging | |
|
CVE-2025-43429
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43431
[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2025-43433
[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2025-43434
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-43435
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43438
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-43439
[Apple On-device Intelligence] An app may be able to fingerprint the user |
N/A | — | [Apple On-device Intelligence] An app may be able to fingerprint the user | |
|
CVE-2025-43441
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43442
[Apple Accessibility] An app may be able to identify what other apps a user has installed |
N/A | — | [Apple Accessibility] An app may be able to identify what other apps a user has installed | |
|
CVE-2025-43443
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43444
[Apple Installer] An app may be able to fingerprint the user |
N/A | — | [Apple Installer] An app may be able to fingerprint the user | |
|
CVE-2025-43445
[Apple CoreText] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process … |
N/A | — | [Apple CoreText] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-43448
[Apple CloudKit] An app may be able to break out of its sandbox |
N/A | — | [Apple CloudKit] An app may be able to break out of its sandbox | |
|
CVE-2025-43450
[Apple Camera] An app may be able to learn information about the current camera view before being granted camera access |
N/A | — | [Apple Camera] An app may be able to learn information about the current camera view before being granted camera access | |
|
CVE-2025-43454
[Apple Siri] A device may persistently fail to lock |
N/A | — | [Apple Siri] A device may persistently fail to lock | |
|
CVE-2025-43458
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43493
[Apple Safari] Visiting a malicious website may lead to address bar spoofing |
N/A | — | [Apple Safari] Visiting a malicious website may lead to address bar spoofing | |
|
CVE-2025-43494
[Apple Mail] An attacker may be able to cause a persistent denial-of-service |
N/A | — | [Apple Mail] An attacker may be able to cause a persistent denial-of-service | |
|
CVE-2025-43495
[Apple WebKit] An app may be able to monitor keystrokes without user permission |
N/A | — | [Apple WebKit] An app may be able to monitor keystrokes without user permission | |
|
CVE-2025-43496
[Apple Mail] Remote content may be loaded even when the 'Load Remote Images' setting is turned off |
N/A | — | [Apple Mail] Remote content may be loaded even when the 'Load Remote Images' setting is turned off | |
|
CVE-2025-43503
[Apple Safari] Visiting a malicious website may lead to user interface spoofing |
N/A | — | [Apple Safari] Visiting a malicious website may lead to user interface spoofing | |
|
CVE-2025-43507
[Apple Find My] An app may be able to fingerprint the user |
N/A | — | [Apple Find My] An app may be able to fingerprint the user | |
|
CVE-2025-43294
[Apple MallocStackLogging] An app may be able to access sensitive user data |
N/A | — | [Apple MallocStackLogging] An app may be able to access sensitive user data | |
|
CVE-2025-43350
[Apple Control Center] An attacker may be able to view restricted content from the lock screen |
N/A | — | [Apple Control Center] An attacker may be able to view restricted content from the lock screen | |
|
CVE-2025-43379
[Apple AppleMobileFileIntegrity] An app may be able to access protected user data |
N/A | — | [Apple AppleMobileFileIntegrity] An app may be able to access protected user data | |
|
CVE-2025-43391
[Apple Photos] An app may be able to access sensitive user data |
N/A | — | [Apple Photos] An app may be able to access sensitive user data | |
|
CVE-2025-43407
[Apple Assets] An app may be able to break out of its sandbox |
N/A | — | [Apple Assets] An app may be able to break out of its sandbox | |
|
CVE-2025-43413
[Apple libxpc] A sandboxed app may be able to observe system-wide network connections |
N/A | — | [Apple libxpc] A sandboxed app may be able to observe system-wide network connections | |
|
CVE-2025-43421
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43422
[Apple Stolen Device Protection] An attacker with physical access to a device may be able to disable Stolen Device Prot… |
N/A | — | [Apple Stolen Device Protection] An attacker with physical access to a device may be able to disable Stolen Device Protection | |
|
CVE-2025-43424
[Apple Multi-Touch] A malicious HID device may cause an unexpected process crash |
N/A | — | [Apple Multi-Touch] A malicious HID device may cause an unexpected process crash | |
|
CVE-2025-43425
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43426
[Apple Contacts] An app may be able to access sensitive user data |
N/A | — | [Apple Contacts] An app may be able to access sensitive user data | |
|
CVE-2025-43427
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43430
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43432
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43436
[Apple CoreServices] An app may be able to enumerate a user's installed apps |
N/A | — | [Apple CoreServices] An app may be able to enumerate a user's installed apps | |
|
CVE-2025-43437
[Apple Managed Configuration] An app may be able to fingerprint the user |
N/A | — | [Apple Managed Configuration] An app may be able to fingerprint the user | |
|
CVE-2025-43440
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-43447
[Apple Apple Neural Engine] An app may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple Apple Neural Engine] An app may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2025-43449
[Apple Apple TV Remote] A malicious app may be able to track users between installs |
N/A | — | [Apple Apple TV Remote] A malicious app may be able to track users between installs | |
|
CVE-2025-43452
[Apple Text Input] Keyboard suggestions may display sensitive information on the lock screen |
N/A | — | [Apple Text Input] Keyboard suggestions may display sensitive information on the lock screen | |
|
CVE-2025-43455
[Apple Apple Account] A malicious app may be able to take a screenshot of sensitive information in embedded views |
N/A | — | [Apple Apple Account] A malicious app may be able to take a screenshot of sensitive information in embedded views | |
|
CVE-2025-43457
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-43460
[Apple Status Bar] An attacker with physical access to a locked device may be able to view sensitive user information |
N/A | — | [Apple Status Bar] An attacker with physical access to a locked device may be able to view sensitive user information | |
|
CVE-2025-43462
[Apple Apple Neural Engine] An app may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple Apple Neural Engine] An app may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2025-43480
[Apple WebKit] A malicious website may exfiltrate data cross-origin |
N/A | — | [Apple WebKit] A malicious website may exfiltrate data cross-origin | |
|
CVE-2025-43498
[Apple FileProvider] An app may be able to access sensitive user data |
N/A | — | [Apple FileProvider] An app may be able to access sensitive user data | |
|
CVE-2025-43500
[Apple Sandbox Profiles] An app may be able to access sensitive user data |
N/A | — | [Apple Sandbox Profiles] An app may be able to access sensitive user data | |
|
CVE-2025-43502
[Apple Safari] An app may be able to bypass certain Privacy preferences |
N/A | — | [Apple Safari] An app may be able to bypass certain Privacy preferences |