Apple iOS/iPadOS Security Updates and CVE Fixes Across Multiple Releases
Apple published security advisories detailing vulnerability fixes across multiple iOS and iPadOS versions, including iOS/iPadOS 16.7, 17.2, 18.1, 18.3, 26.1, and 26.2. The advisories describe a range of impacts such as sandbox escapes (including Web Content sandbox breakout), privacy issues where apps could access or expose sensitive user data via insufficient log redaction, file-system modification via temporary-file handling, and memory-safety flaws (e.g., out-of-bounds reads, type confusion, and bounds-checking issues) that could lead to crashes or memory corruption. Apple attributes fixes to changes like improved protocol handling, cache handling, input validation, and additional permission restrictions, and references issues by CVE where available.
Several advisories also highlight device-state and authentication/logic weaknesses: iOS/iPadOS 18.3 includes a case where an attacker with physical access to an unlocked device could access Photos while the app is locked (CVE-2025-24141), while iOS/iPadOS 18.1 includes a lock-screen exposure issue (CVE-2024-44274) and a Shortcuts-related path-handling flaw that could allow arbitrary shortcut execution without user consent (CVE-2024-44255). The iOS/iPadOS 26.x advisories include privacy and permission issues (e.g., identifying installed apps, screenshots of sensitive embedded views), potential kernel memory corruption/system termination conditions, and logic/UI issues affecting security posture (e.g., passcode requirement timing after Face ID enrollment restore scenarios and potential FaceTime caller ID spoofing), with multiple findings credited to external researchers and teams (including Google Project Zero, ByteDance IES Red Team, and others).
Timeline
Jan 16, 2026
Apple publishes iOS 26.1 and iPadOS 26.1 security advisory
Apple published the iOS 26.1 and iPadOS 26.1 security advisory on January 16, 2026, documenting the vulnerabilities fixed in the November 2025 release and noting some entries had been updated on December 12, 2025.
Jan 9, 2026
Apple publishes iOS 26.2 and iPadOS 26.2 security advisory
Apple published the iOS 26.2 and iPadOS 26.2 security advisory on January 9, 2026, describing the December 2025 fixes and noting added or updated entries including a FaceTime caller ID spoofing issue and additional web-content crash vulnerabilities.
Dec 12, 2025
Apple releases iOS 26.2 and iPadOS 26.2
Apple released iOS 26.2 and iPadOS 26.2 on December 12, 2025, fixing numerous vulnerabilities including exposure of payment tokens, Safari history and hidden photos, file- and HID-triggered memory corruption, and a web-content flaw that may have been exploited in a highly targeted attack.
Nov 11, 2025
Apple publishes iOS 18.4, visionOS 2.4, and related security advisories
On November 11, 2025, Apple published security advisories for iOS 18.4 and iPadOS 18.4 as well as visionOS 2.4, detailing numerous fixes for privacy leaks, privilege escalation, sandbox escapes, local-network attack vectors, web spoofing, and memory-safety flaws.
Nov 4, 2025
Apple publishes iOS 26 and iPadOS 26 security advisory
Apple published the security advisory for iOS 26 and iPadOS 26 on November 4, 2025, later surfaced in the referenced support document, detailing numerous CVE-tracked vulnerabilities fixed in the September 2025 release.
Nov 3, 2025
Apple releases iOS 26.1 and iPadOS 26.1
Apple released iOS 26.1 and iPadOS 26.1 on November 3, 2025, addressing a broad set of privacy, permission-bypass, sandbox escape, keystroke monitoring, kernel memory corruption, and malicious web-content issues.
Sep 15, 2025
Apple releases iOS 26 and iPadOS 26
Apple released iOS 26 and iPadOS 26 on September 15, 2025, fixing numerous vulnerabilities including memory corruption, sensitive data exposure, sandbox bypasses, keystroke monitoring without permission, and web-content processing flaws.
Aug 20, 2025
Apple releases iOS 18.6.2 and iPadOS 18.6.2 for exploited image flaw
On August 20, 2025, Apple released iOS 18.6.2 and iPadOS 18.6.2 to fix CVE-2025-43300, an out-of-bounds write in image processing that could cause memory corruption. Apple said it was aware the flaw may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Jul 29, 2025
Apple publishes macOS Ventura 13.7.5 security advisory
Apple published the macOS Ventura 13.7.5 security update advisory on July 29, 2025, documenting numerous fixes for privilege escalation, sandbox escapes, authentication bypasses, privacy leaks, memory corruption, and network-reachable issues.
Apr 28, 2025
Apple updates macOS Ventura 13.7.5 advisory with added CVEs
Apple added several CVE entries to the macOS Ventura 13.7.5 security advisory on April 28, 2025, with further updates on May 28, 2025 and an additional entry on July 29, 2025.
Apr 2, 2025
Apple publishes iOS 18.2 and iPadOS 18.2 security advisory
Apple published the security advisory for iOS 18.2 and iPadOS 18.2 on April 2, 2025, detailing vulnerabilities fixed in the December 2024 release and noting several entries added or updated in early 2025.
Mar 3, 2025
Apple publishes iOS 18 and iPadOS 18 security content advisory
Apple published the security content document for iOS 18 and iPadOS 18 on March 3, 2025, summarizing the vulnerabilities addressed in the September 2024 release and subsequent advisory updates.
Mar 3, 2025
Apple updates iOS 18 advisory with additional CVE entries
Apple added or updated multiple CVE entries in the iOS 18 and iPadOS 18 security advisory on October 28, 2024 and again on March 3, 2025, expanding the documented details of vulnerabilities fixed in the September 2024 release.
Dec 11, 2024
Apple releases iOS 18.2 and iPadOS 18.2
Apple released iOS 18.2 and iPadOS 18.2 on December 11, 2024, fixing multiple issues including authentication bypasses, sandbox escapes, sensitive data exposure, network privacy weaknesses, and memory-safety flaws.
Sep 16, 2024
Apple releases iOS 18 and iPadOS 18 security fixes
Apple released iOS 18 and iPadOS 18 on September 16, 2024, addressing numerous vulnerabilities affecting privacy, sandboxing, file handling, Bluetooth, VPN/networking, and web content processing on supported iPhones and iPads.
Related Stories

Apple security updates addressing actively exploited iOS and macOS vulnerabilities
Apple published multiple security advisories across iOS/iPadOS, macOS, and watchOS releases that include fixes for vulnerabilities reported as **actively exploited** in the wild. Notable exploited issues include iOS/iPadOS 15.6.1 fixes for **kernel** and **WebKit** out-of-bounds writes enabling arbitrary code execution (`CVE-2022-32894`, `CVE-2022-32893`), iOS/iPadOS 16.3.1’s exploited **WebKit** type confusion leading to code execution (`CVE-2023-23529`), and iOS/iPadOS 15.7.5 plus macOS Big Sur 11.7.6 addressing an **IOSurfaceAccelerator** out-of-bounds write that could yield kernel-level code execution (`CVE-2023-28206`) alongside an exploited **WebKit** use-after-free (`CVE-2023-28205`). Apple also shipped iOS/iPadOS 16.6.1 and macOS Ventura 13.5.2 updates to remediate an exploited **ImageIO** buffer overflow (`CVE-2023-41064`) and an exploited **Wallet** attachment validation issue that could allow code execution (`CVE-2023-41061`). Separately, Apple’s iOS 17.0.1 and watchOS 9.6.3 advisories describe two vulnerabilities (`CVE-2023-41991`, `CVE-2023-41992`) reported by **Citizen Lab** and Google’s **Threat Analysis Group** as exploited against versions prior to iOS 16.7, involving **signature validation bypass** and **local privilege escalation**. Other referenced advisories (e.g., iOS/iPadOS 16.7, iOS/iPadOS 17.2, iOS/iPadOS 18.1, iOS/iPadOS 18.3, macOS Sequoia 15.1, iOS/iPadOS 26.1, macOS Tahoe 26.1, iOS/iPadOS 26.2) primarily enumerate additional CVEs and privacy/logic/memory-safety fixes but do not clearly tie to the same specific exploited-vulnerability disclosures, indicating they are broader platform security bulletins rather than part of a single incident response.
Apple Fixes Broad Set of iOS, macOS, and visionOS Vulnerabilities
Apple released a wide-ranging set of security updates across **iOS**, **iPadOS**, **macOS Tahoe**, **watchOS**, **tvOS**, **visionOS**, **Safari**, and **Xcode**, addressing more than 85 vulnerabilities across core components including the kernel, WebKit, AirPlay, Keychain, and open-source libraries. The updates fix issues that could enable traffic interception, kernel state disclosure, user fingerprinting, installed-app enumeration, Mail privacy bypasses, exposure of deleted Notes content, and crashes from out-of-bounds writes. Apple said it had no reports of in-the-wild exploitation for the vulnerabilities listed in the release notes, but urged users to update, with particular importance for older devices and managed macOS environments. Among the patched flaws is **`CVE-2024-27828`**, a high-severity memory-handling bug in **IOSurfaceRoot** that could let a local app trigger a kernel panic or execute arbitrary code with kernel privileges. STAR Labs said the issue stemmed from a reference count leak in `IOSurfaceRootUserClient::s_create_shared_event`, where repeated calls with crafted input could corrupt memory handling; the flaw affected iOS and iPadOS before 17.5, tvOS before 17.5, watchOS before 10.5, and visionOS before 1.2. Apple addressed the bug through improved memory handling, adding it to a broader pattern of fixes spanning both current and legacy Apple platforms.
Apple Security Updates Address Multiple Vulnerabilities Including an In-the-Wild Exploited Memory Corruption Flaw
Apple issued security updates across its ecosystem to address **multiple vulnerabilities** affecting *iOS, iPadOS, macOS, tvOS, watchOS,* and *visionOS*, with impacts including **remote code execution (RCE)**, denial of service, elevation of privilege, information disclosure, data manipulation, and security restriction bypass. HKCERT highlighted **CVE-2026-20700** as a **high-risk** issue and noted it is **being exploited in the wild**; the flaw is described as an **improper restriction of operations within the bounds of a memory buffer** that could allow arbitrary code execution when an attacker has memory-write capability. Apple’s iOS 26.3 and iPadOS 26.3 security content includes fixes for issues that could expose sensitive information on a locked device (e.g., **CVE-2026-20645** and **CVE-2026-20674**) and a Bluetooth-related denial-of-service condition where a privileged network attacker could trigger DoS using crafted packets (**CVE-2026-20650**). The updates apply to **iPhone 11 and later** and a range of supported iPad models, and Apple reiterated its policy of publishing details after patches are available.