Apple released security updates to fix multiple flaws in iOS and macOS
Apple released security updates to address easily exploitable vulnerabilities impacting iOS and macOS devices.
Apple released urgent iOS and macOS security updates to patch critical flaws that could allow attackers to execute malicious code just by opening a crafted image, video, or website:
- AppleJPEG CVE-2025-31251 – Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
- CoreMedia CVE-2025-31233 – Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory
- ImageIO CVE-2025-31226 – Processing a maliciously crafted image may lead to a denial-of-service
- WebKit CVE-2025-31223 – Processing maliciously crafted web content may lead to memory corruption
- WebKit CVE-2025-24223 – Processing maliciously crafted web content may lead to memory corruption
- WebKit CVE-2025-31217 – Processing maliciously crafted web content may lead to an unexpected Safari crash
- WebKit CVE-2025-31215 – Processing maliciously crafted web content may lead to an unexpected process crash
- WebKit CVE-2025-31206 – Processing maliciously crafted web content may lead to an unexpected Safari crash
- WebKit CVE-2025-31257 – Processing maliciously crafted web content may lead to an unexpected Safari crash
Apple’s iOS 18.5 update addressed multiple critical flaws in AppleJPEG, CoreMedia, and other components that could let attackers run code or leak data via malicious media files.
The company patched severe file-parsing flaws in CoreAudio, CoreGraphics, and ImageIO that could cause unexpected app termination, corrupt process memory, or leak data when malicious content is opened.
Some bugs could trigger a denial-of-service condition or lead to memory corruption.
One of the issues, tracked as CVE-2025-31217, can be triggered by processing maliciously crafted web content, leading to an unexpected Safari crash.
Apple also addressed a Baseband flaw, tracked as CVE-2025-31214, that an attacker can exploit to intercept traffic on iPhone 16e.
The IT giant also fixed an mDNSResponder privilege escalation bug, tracked as CVE-2025-31222, a Notes issue leaking data from locked screens, and other security gaps in FrontBoard, iCloud Document Sharing, and Mail Addressing.
iOS 18.5 is now available for iPhone XS and newer models, while the accompanying iPadOS update supports iPad Pro (2018 and later), iPad Air 3rd generation, iPad 7th generation, iPad mini 5, and subsequent devices.
Apple also released updates for macOS Sequoia, macOS Sonoma, macOS Ventura, as well as for watchOS, tvOS, and visionOS.