iPadOS 18.2

Microsoft Security Update Guide entry — NVD enrichira.

[Apple Apple Account] An attacker in a privileged network position may be able to track a user's activity

[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash

[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash

[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption

[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption

[Apple ICU] Processing maliciously crafted web content may lead to an unexpected process crash

[Apple QuartzCore] Processing web content may lead to a denial-of-service

[Apple libxpc] An app may be able to gain elevated privileges

[Apple Kernel] An app may be able to cause unexpected system termination or corrupt kernel memory

[Apple Safari] On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the origi…

[Apple Passwords] A user in a privileged network position may be able to leak sensitive information

[Apple Vim] Processing a maliciously crafted file may lead to heap corruption

[Apple Kernel] An app may be able to break out of its sandbox

[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash

[Apple VoiceOver] An attacker with physical access to an iOS device may be able to view notification content from the l…

[Apple FontParser] Processing a maliciously crafted font may result in the disclosure of process memory

[Apple Accounts] Photos in the Hidden Photos Album may be viewed without authentication

[Apple Passwords] An attacker in a privileged network position may be able to alter network traffic

[Apple Kernel] An attacker may be able to create a read-only memory mapping that can be written to

[Apple ImageIO] Processing a maliciously crafted image may lead to arbitrary code execution

[Apple ImageIO] Processing a maliciously crafted image may result in disclosure of process memory

[Apple SceneKit] Processing a maliciously crafted file may lead to a denial of service

[Apple Audio] Muting a call while ringing may not result in mute being enabled

[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption

[Apple Kernel] An attacker with user privileges may be able to read kernel memory

[Apple Kernel] An app may be able to leak sensitive kernel state

[Apple Face Gallery] A system binary could be used to fingerprint a user's Apple Account

[Apple Crash Reporter] An app may be able to access sensitive user data

[Apple libxpc] An app may be able to break out of its sandbox

[Apple IOMobileFrameBuffer] An app may be able to corrupt coprocessor memory

[Apple IOMobileFrameBuffer] An app may be able to corrupt coprocessor memory

[Apple IOMobileFrameBuffer] An app may be able to corrupt coprocessor memory

[Apple IOMobileFrameBuffer] An app may be able to corrupt coprocessor memory

[Apple MobileBackup] Restoring a maliciously crafted backup file may lead to modification of protected system files

[Apple AppleMobileFileIntegrity] A malicious app may be able to access private information

[Apple AppleMobileFileIntegrity] An app may be able to access sensitive user data

[Apple Passkeys] Password autofill may fill in passwords after failing authentication

[Apple APFS] An app may be able to access user-sensitive data

[Apple Safari Private Browsing] Private Browsing tabs may be accessed without authentication

[Apple Contacts] An app may be able to view autocompleted contact information from Messages and Mail in system logs