What security vulnerabilities does iOS 18.5 and iPadOS 18.5 fix?

Apple has released iOS 18.5 and iPadOS 18.5, addressing 33 vulnerabilities affecting iPhone and iPad users. The update includes fixes for critical iCloud sharing flaws, WebKit memory corruption issues, kernel vulnerabilities, privacy concerns, and various other security weaknesses across multiple system components.

What is the most critical vulnerability fixed in iOS 18.5?

The most critical vulnerability is CVE-2025-30448 (CVSS 9.1), an iCloud Document Sharing flaw that allows attackers to turn on sharing of an iCloud folder without proper authentication. This serious security weakness was resolved through additional entitlement checks to prevent unauthorized access to users' cloud-stored documents and folders.

What WebKit vulnerabilities are fixed in iOS 18.5?

iOS 18.5 fixes three WebKit vulnerabilities: CVE-2025-31204 (CVSS 8.8) that could lead to memory corruption when processing maliciously crafted web content, and two additional WebKit flaws CVE-2025-31223 (CVSS 8.0) and CVE-2025-24223 (CVSS 8.0), both capable of causing memory corruption through malicious web content.

Are there any iPhone-specific vulnerabilities in iOS 18.5?

Yes, there are iPhone-specific vulnerabilities including CVE-2025-31214 (CVSS 8.1), a Baseband vulnerability affecting iPhone 16e specifically that could enable attackers in privileged network positions to intercept network traffic. Certain Notes app vulnerabilities also affect iPhone XS and later models.

What privacy issues were addressed in iOS 18.5?

iOS 18.5 addresses several privacy issues including CVE-2025-31253, a FaceTime vulnerability that could prevent proper microphone muting during calls, CVE-2025-31212, Core Bluetooth issues that could allow unauthorized access to sensitive user data, and CVE-2025-31225, Call History privacy concerns where deleted app call history could still appear in Spotlight search results.

What kernel and system vulnerabilities are fixed in iOS 18.5?

The update fixes multiple system vulnerabilities including CVE-2025-31234 (CVSS 8.2), a Pro Res vulnerability that could allow attackers to cause unexpected system termination or corrupt kernel memory, CVE-2025-31222 (CVSS 7.8), a privilege escalation vulnerability in mDNSResponder, and CVE-2025-24213 (CVSS 7.8), a kernel vulnerability that could lead to memory corruption.

How urgent is it to install the iOS 18.5 security update?

Users are strongly advised to install this critical security update immediately to protect their devices from potential exploitation. With 33 vulnerabilities addressed, including several with high CVSS scores, delaying the update could leave devices exposed to serious security risks.

What types of attacks could the iOS 18.5 vulnerabilities enable?

The vulnerabilities could enable various attacks including unauthorized access to iCloud folders, memory corruption through malicious web content, network traffic interception, system crashes, kernel memory corruption, privilege escalation, and privacy violations such as unauthorized microphone access and data exposure through search results.

Advisory

Apple addresses 33 security vulnerabilities in iOS 18.5 and iPadOS 18.5

Q: How can users install the iOS 18.5 security update?

Users can install the iOS 18.5 and iPadOS 18.5 security update through Settings > General > Software Update on compatible devices. The update should appear automatically for supported iPhone and iPad models.

published: May 29, 2025

Take action: Time to update your iPhones and iPads. Yes, there aren't any actively exploited flaws and there is only one critical. No, you should not ignore this update. Because the cat is out of the bag on these flaws, and hackers will try to exploit them. Press update, watch some TV or have lunch while the device updates.

Learn More

Apple has released iOS 18.5 and iPadOS 18.5, addressing 33 vulnerabilities affecting iPhone and iPad users.

Vulnerability summary:

iCloud Document Sharing flaw tracked as CVE-2025-30448 (CVSS score 9.1), which allows attackers to turn on sharing of an iCloud folder without proper authentication. This serious security weakness was resolved through additional entitlement checks to prevent unauthorized access to users' cloud-stored documents and folders.
WebKit vulnerability tracked as CVE-2025-31204 (CVSS score 8.8) could lead to memory corruption when processing maliciously crafted web content.
Pro Res vulnerability tracked as CVE-2025-31234 (CVSS score 8.2) could allow attackers to cause unexpected system termination or corrupt kernel memory through improved input sanitization.
Baseband vulnerability tracked as CVE-2025-31214 (CVSS score 8.1) that could enable attackers in privileged network positions to intercept network traffic, affecting the iPhone 16e specifically.
two WebKit flaws: CVE-2025-31223 (CVSS score 8.0) and CVE-2025-24223 (CVSS score 8.0), both capable of causing memory corruption through maliciously crafted web content.
Privilege escalation vulnerability in mDNSResponder tracked as CVE-2025-31222 (CVSS score 7.8)
multiple kernel vulnerabilities including CVE-2025-24213 (CVSS score 7.8) that could lead to memory corruption.

Privacy issues were also addressed, including a FaceTime vulnerability tracked as CVE-2025-31253 that could prevent proper microphone muting during calls, and Core Bluetooth issues tracked as CVE-2025-31212 that could allow unauthorized access to sensitive user data. The update fixes Call History privacy concerns tracked as CVE-2025-31225, where deleted app call history could still appear in Spotlight search results.

The update is available for iPhone XS and later models, along with iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.

Some vulnerabilities specifically affect only iPhone models, such as the Baseband vulnerability affecting iPhone 16e and certain Notes app vulnerabilities affecting iPhone XS and later.

Users are strongly advised to install this critical security update immediately to protect their devices from potential exploitation. The update can be installed through Settings > General > Software Update on compatible devices.

Apple addresses 33 security vulnerabilities in iOS 18.5 and iPadOS 18.5

Read More
Samsung Releases Patches to critical issues in sync …
Microsoft November 2025 Patch Tuesday fixes one exploited …
Apple patches actively exploited critical flaws in latest …
Google patches another actively exploited Chrome vulnerability, three …
Critical vulnerabilities in Google Home and Google Nest …