Post

Critical iOS and iPadOS Update: Apple Patches 29 Vulnerabilities

Posted
By Tom Grant
2 min read
Critical iOS and iPadOS Update: Apple Patches 29 Vulnerabilities

TL;DR

Apple has released a crucial security update for iOS and iPadOS, addressing 29 vulnerabilities. This update is essential for protecting against potential data leaks and address bar spoofing. Users are urged to update their devices to iOS 18.6 or iPadOS 18.6 immediately.

Main Content

Apple has released a critical security update for iOS and iPadOS to address multiple vulnerabilities, including issues that could lead to sensitive information leaks when visiting malicious websites and allow attackers to display false information in the address bar.

In total, 29 vulnerabilities were patched, with most of them affecting WebKit, Apple’s web rendering engine that powers Safari and other applications.

The update is available for:

  • iPhone XS and later
  • iPad Pro 13-inch
  • iPad Pro 12.9-inch 3rd generation and later
  • iPad Pro 11-inch 1st generation and later
  • iPad Air 3rd generation and later
  • iPad 7th generation and later
  • iPad mini 5th generation and later

To ensure your device is running the latest software version, go to Settings > General > Software Update. Make sure you are on iOS 18.6 or iPadOS 18.6. If not, update immediately. It is also recommended to enable Automatic Updates, which can be done on the same screen.

update now

Additionally, Apple has released updates for:

Technical Details

Here are some of the key vulnerabilities addressed in this update:

  • CVE-2025-31229: A logic issue that could disclose your passcode through VoiceOver reading it aloud. VoiceOver is a gesture-based screen reader for visually impaired users.

  • CVE-2025-43217: Devices may fail to display privacy indicators when apps access the microphone or camera, preventing users from being notified.

  • CVE-2025-43227: Visiting a specially crafted malicious website could expose sensitive information, such as cookies, authentication tokens, browsing history, and other personal data.

  • CVE-2025-43228: Visiting a malicious website may lead to address bar spoofing, where the browser displays a fake or misleading URL, tricking users into believing they are on a trustworthy site.

We don’t just report on phone security—we provide it.

Keep your mobile devices secure by downloading Malwarebytes for iOS and Malwarebytes for Android today.

For more details, visit the full article.

Additional Resources

For further insights, check:

References

Cybersecurity & Data Protection, Vulnerabilities
cybersecurity threat-intelligence ios
This post is licensed under CC BY 4.0 by the author.