Which Apple devices and operating systems are affected?

The security updates affect all major Apple platforms: iOS 18.6 and iPadOS 18.6 (iPhone XS and later, various iPad models), iPadOS 17.7.9 (older iPad models), macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, watchOS 11.6 (Apple Watch Series 6 and later), tvOS 18.6 (Apple TV HD and 4K models), and visionOS 2.6 (Apple Vision Pro).

What are the most critical vulnerabilities in the Apple security update?

Critical vulnerabilities include memory corruption flaws in afclip and CoreMedia that can cause app termination, ICU out-of-bounds access leading to Safari crashes, Metal texture processing memory corruption, privilege escalation vulnerabilities allowing malicious apps to gain root privileges, kernel vulnerabilities allowing remote system termination, and command injection flaws in Disk Images allowing arbitrary code execution.

How many vulnerabilities were patched in macOS systems?

macOS systems received the most comprehensive updates with dozens of vulnerabilities patched across different versions. macOS Sequoia 15.6 received patches for approximately 30 critical vulnerabilities, while macOS Sonoma 14.7.7 and macOS Ventura 13.7.7 received similar extensive security fixes addressing privilege escalation, sandbox escapes, and system termination vulnerabilities.

What types of attacks do these Apple vulnerabilities enable?

These vulnerabilities enable various types of attacks including remote code execution, privilege escalation to root access, sandbox escapes, memory corruption leading to app or system crashes, unauthorized access to protected user data, kernel memory disclosure, command injection attacks, and system termination through denial-of-service conditions.

Are there any sandbox escape vulnerabilities in the Apple update?

Yes, multiple sandbox escape vulnerabilities were patched including File Bookmark logic issues (CVE-2025-43261), NetAuth race conditions (CVE-2025-43275), NSSpellChecker permissions issues (CVE-2025-43266), and SharedFileList path handling problems (CVE-2025-43250). These vulnerabilities allowed malicious applications to break out of their security containers and access restricted system resources.

What open source library vulnerabilities were fixed?

Apple addressed vulnerabilities in open source libraries including libxml2 (CVE-2025-7425) and libxslt (CVE-2025-7424) memory corruption issues that were discovered by Google Project Zero researchers. These libraries are commonly used for XML processing and could be exploited through malicious XML content.

Which Apple applications and services were affected?

Multiple Apple applications and services were affected including Safari (ICU crashes), Notes (unauthorized network access), Dock (protected data access), Finder/LaunchServices (arbitrary code execution), System Settings (protected data access), Security (HTTPS proxy issues), and various system frameworks like PackageKit, WebContentFilter, and StorageKit.

How urgent is it to install these Apple security updates?

It is extremely urgent to install these updates immediately. With 95 vulnerabilities patched, including critical remote code execution flaws, privilege escalation issues, and kernel vulnerabilities, these security flaws are likely to be targeted by attackers. Apple users should update all their devices as soon as possible to protect against potential exploitation.

What PackageKit vulnerabilities were fixed in macOS?

Multiple PackageKit vulnerabilities were addressed including entitlement hijacking (CVE-2025-43260), allowing modification of system files with root privileges (CVE-2025-43247), modification of protected file system parts (CVE-2025-43194), and bypassing Privacy preferences (CVE-2025-43232). PackageKit is a critical system component for software installation and management.

Are there any Find My privacy vulnerabilities in the Apple update?

Yes, CVE-2025-31279 addresses a Find My fingerprinting vulnerability that allowed apps to fingerprint users, potentially compromising user privacy. This vulnerability affects multiple Apple platforms including iOS, iPadOS, and macOS systems, and could have been used to track users without their consent.

Advisory

Apple relesases security updates patching 95 vulnerabilities across all products

Q: What are the highest severity vulnerabilities in the Apple update?

The highest severity vulnerabilities include accessibility passcode disclosure (CVE-2025-31229) with CVSS 9.1, privacy indicator display issues (CVE-2025-43217), and CoreMedia sandbox restriction circumvention (CVE-2025-43273). These vulnerabilities could expose sensitive user data or bypass critical security protections.

published: July 30, 2025

Take action: If you have any Apple devices (iPhone, iPad, Mac, Apple Watch, Apple TV, or Vision Pro), time to update them. There's a huge pack of patches and critical flaws that will be exploited. Don't delay.

Learn More

Apple has released security updates for all its major operating systems, addressing 95 vulnerabilities ranging from critical remote code execution flaws to privilege escalation and memory corruption issues affecting iOS, iPadOS, macOS, watchOS, tvOS, and visionOS platforms.

Critical vulnerabilities patched in iOS 18.6 and iPadOS 18.6

CVE-2025-43186 - afclip memory corruption leading to unexpected app termination when parsing files
CVE-2025-43210 - CoreMedia out-of-bounds access causing app termination or memory corruption when processing malicious media files
CVE-2025-43209 - ICU out-of-bounds access leading to Safari crashes when processing malicious web content
CVE-2025-43234 - Metal texture processing memory corruption causing app termination\
CVE-2025-31279 - Find My fingerprinting vulnerability allowing apps to fingerprint users

Available for iPhone XS and later, and iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.

Critical vulnerabilities patched in iPadOS 17.7.9

CVE-2025-43222 - CFNetwork use-after-free causing unexpected app termination
CVE-2025-43220 - copyfile symlink validation issue allowing access to protected user data
CVE-2025-43210 - CoreMedia out-of-bounds access causing app termination or memory corruption
CVE-2025-31279 - Find My fingerprinting vulnerability
CVE-2025-43209 - ICU out-of-bounds access leading to Safari crashes • CVE-2025-24224 - Kernel vulnerability allowing remote attackers to cause system termination

Available for iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation.

Critical vulnerabilities patched in macOS Sequoia 15.6

CVE-2025-43186 - afclip parsing file memory corruption
CVE-2025-43244 - AMD race condition causing unexpected system termination
CVE-2025-43253 - AppleMobileFileIntegrity allowing malicious apps to launch arbitrary binaries
CVE-2025-43245 - AppleMobileFileIntegrity downgrade issue allowing access to protected data
CVE-2025-43222 - CFNetwork use-after-free causing app termination
CVE-2025-43220 - copyfile symlink validation allowing access to protected user data
CVE-2025-43199 - Core Services privilege escalation allowing malicious apps to gain root privileges
CVE-2025-43210 - CoreMedia out-of-bounds access
CVE-2025-43187 - Disk Images hdiutil command injection allowing arbitrary code execution
CVE-2025-43198 - Dock vulnerability allowing access to protected user data
CVE-2025-43261 - File Bookmark logic issue allowing sandbox escape
CVE-2025-31279 - Find My fingerprinting vulnerability
CVE-2025-43255 - GPU Drivers out-of-bounds read causing system termination
CVE-2025-43209 - ICU out-of-bounds access leading to Safari crashes
CVE-2025-43192 - Managed Configuration allowing User Enrollment with Lockdown Mode enabled
CVE-2025-43234 - Metal texture processing memory corruption
CVE-2025-43275 - NetAuth race condition allowing sandbox escape
CVE-2025-43270 - Notes unauthorized Local Network access
CVE-2025-43266 - NSSpellChecker permissions issue allowing sandbox escape
CVE-2025-43260 - PackageKit entitlement hijacking vulnerability
CVE-2025-43247 - PackageKit allowing modification of system files with root privileges
CVE-2025-43194 - PackageKit allowing modification of protected file system parts
CVE-2025-43232 - PackageKit bypassing Privacy preferences
CVE-2025-43236 - Power Management type confusion causing app termination
CVE-2025-43233 - Security vulnerability allowing HTTPS proxy to access sensitive data
CVE-2025-43193 - SecurityAgent denial-of-service vulnerability
CVE-2025-43250 - SharedFileList path handling issue allowing sandbox escape
CVE-2025-43243 - Software Update allowing modification of protected file system parts
CVE-2025-43206 - System Settings parsing issue allowing access to protected data
CVE-2025-43189 - WebContentFilter allowing malicious apps to read kernel memory
CVE-2025-43237 - WebContentFilter out-of-bounds write causing system termination
CVE-2025-43238 - Xsan integer overflow causing system termination

Critical vulnerabilities patched in macOS Sonoma 14.7.7

CVE-2025-43186 - afclip parsing file memory corruption
CVE-2025-43244 - AMD race condition causing system termination
CVE-2025-43253 - AppleMobileFileIntegrity arbitrary binary launch vulnerability
CVE-2025-43245 - AppleMobileFileIntegrity downgrade issue
CVE-2025-43222 - CFNetwork use-after-free issue
CVE-2025-43220 - copyfile symlink validation vulnerability
CVE-2025-43199 - Core Services privilege escalation to root
CVE-2025-43210 - CoreMedia out-of-bounds access
CVE-2025-43187 - Disk Images command injection vulnerability
CVE-2025-43198 - Dock protected user data access
CVE-2025-43261 - File Bookmark sandbox escape
CVE-2025-31279 - Find My fingerprinting issue
CVE-2025-24119 - Finder arbitrary code execution outside sandbox
CVE-2025-43255 - GPU Drivers system termination vulnerability
CVE-2025-43209 - ICU Safari crash vulnerability
CVE-2025-43192 - Managed Configuration Lockdown Mode bypass
CVE-2025-43275 - NetAuth sandbox escape
CVE-2025-43270 - Notes Local Network unauthorized access
CVE-2025-43266 - NSSpellChecker sandbox escape
CVE-2025-43260 - PackageKit entitlement hijacking
CVE-2025-43247 - PackageKit system file modification with root privileges
CVE-2025-43194 - PackageKit protected file system modification
CVE-2025-43232 - PackageKit Privacy preferences bypass
CVE-2025-43236 - Power Management type confusion
CVE-2025-43233 - Security HTTPS proxy sensitive data access
CVE-2025-43193 - SecurityAgent denial-of-service
CVE-2025-43250 - SharedFileList sandbox escape
CVE-2025-43184 - Shortcuts sensitive app settings bypass
CVE-2025-43243 - Software Update file system modification
CVE-2025-43206 - System Settings protected data access
CVE-2025-43189 - WebContentFilter kernel memory read
CVE-2025-43238 - Xsan integer overflow system termination

Critical vulnerabilities patched in macOS Ventura 13.7.7

CVE-2025-43186 - afclip memory corruption
CVE-2025-43244 - AMD race condition
CVE-2025-43245 - AppleMobileFileIntegrity downgrade,
CVE-2025-43222 - CFNetwork use-after-free
CVE-2025-43220 - copyfile symlink validation
CVE-2025-43199 - Core Services privilege escalation
CVE-2025-43210 - CoreMedia out-of-bounds access
CVE-2025-43187 - Disk Images command injection
CVE-2025-43261 - File Bookmark sandbox escape
CVE-2025-31279 - Find My fingerprinting
CVE-2025-24119 - Finder/LaunchServices arbitrary code execution
CVE-2025-43255 - GPU Drivers system termination
CVE-2025-43209 - ICU Safari crash
CVE-2025-24224 - Kernel remote system termination
CVE-2025-43275 - NetAuth sandbox escape
CVE-2025-43270 - Notes Local Network access
CVE-2025-43266 - NSSpellChecker sandbox escape
CVE-2025-43247 - PackageKit system file modification
CVE-2025-43194 - PackageKit file system modification
CVE-2025-43232 - PackageKit Privacy bypass
CVE-2025-43236 - Power Management type confusion
CVE-2025-43233 - Security HTTPS proxy data access
CVE-2025-43193 - SecurityAgent denial-of-service
CVE-2025-43250 - SharedFileList sandbox escape
CVE-2025-43184 - Shortcuts app settings bypass
CVE-2025-43243 - Software Update file system modification
CVE-2025-43206 - System Settings data access,
CVE-2025-43189 - WebContentFilter kernel memory read
CVE-2025-43238 - Xsan integer overflow.

Critical vulnerabilities patched in watchOS 11.6, tvOS 18.6, and visionOS 2.6

These platforms share a common set of critical vulnerabilities:

CVE-2025-43186 - afclip parsing file memory corruption
CVE-2025-43210 - CoreMedia out-of-bounds access
CVE-2025-43209 - ICU Safari crash vulnerability
CVE-2025-43234 - Metal texture processing memory corruption

Available for Apple Watch Series 6 and later, Apple TV HD and Apple TV 4K (all models), and Apple Vision Pro respectively.

High Severity and Additional Vulnerabilities

The remaining 54 vulnerabilities include multiple WebKit memory corruption and crash issues, Model I/O processing flaws affecting media files, and various component-specific issues ranging from information disclosure to denial-of-service conditions. Notable high-severity vulnerabilities (CVSS 9.1) include accessibility passcode disclosure (CVE-2025-31229), privacy indicator display issues (CVE-2025-43217), and CoreMedia sandbox restriction circumvention (CVE-2025-43273).

Open source library vulnerabilities are also addressed, including libxml2 (CVE-2025-7425) and libxslt (CVE-2025-7424) memory corruption issues discovered by Google Project Zero researchers. Additional fixes target specific application frameworks like Notes, Safari, Archive Utility, and system services such as StorageKit and Voice Control.

Users are strongly encouraged to update their apple devices immediately - there are a bunch of critical flaws and they will be attacked

Apple relesases security updates patching 95 vulnerabilities across all products

Read More
Google Pixel devices carry Android app that can …
CISA Reports Active Exploitation of Four Microsoft Vulnerabilities, …
WhisperPair Flaw Enables Bluetooth Hijacking and Tracking
Google releases August 2025 Android Security Update, patches …
Google releases November 2024 Android Update, fixes actively …