SB2025051303 - Multiple vulnerabilities in Apple iOS 18 and iPadOS 18 

Published: May 13, 2025 Updated: November 24, 2025

Security Bulletin ID: SB2025051303
Severity: Critical
Patch available: YES
Number of vulnerabilities: 37
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Critical: 3%, High: 24%, Medium: 19%, Low: 54%

Description

This security bulletin contains information about 37 security vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2025-24223)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the WebKit engine. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


2) Improper access control (CVE-ID: CVE-2025-31245)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions in ProRes. A local application can cause unexpected system termination.


3) Buffer overflow (CVE-ID: CVE-2025-31234)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in ProRes. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


4) Integer overflow (CVE-ID: CVE-2025-31221)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an integer overflow in Security. A remote attacker can trigger an integer overflow and read parts of kernel memory.


5) Type confusion (CVE-ID: CVE-2025-24213)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error. A remote attacker can trick the victim into visiting a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


6) Buffer overflow (CVE-ID: CVE-2025-31223)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the WebKit engine. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


7) Buffer overflow (CVE-ID: CVE-2025-31238)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the WebKit engine. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


8) Buffer overflow (CVE-ID: CVE-2025-31204)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the WebKit engine. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


9) Missing Authorization (CVE-ID: CVE-2025-31228)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to missing authorization in Notes. An attacker with physical access to the device can access notes from the lock screen.


10) Improper input validation (CVE-ID: CVE-2025-31217)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation in WebKit. A remote attacker can trick the victim into opening a specially crafted website and cause an unexpected Safari crash.


11) Improper access control (CVE-ID: CVE-2025-31215)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions in WebKit. A remote attacker can trick the victim into opening a specially crafted file and cause an unexpected process crash.


12) Type Confusion (CVE-ID: CVE-2025-31206)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error within the WebKit engine. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and crash the browser.


13) Information disclosure (CVE-ID: CVE-2025-31205)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the WebKit engine. A remote attacker can trick the victim into visiting a specially crafted website and exfiltrate data cross-origin.


14) Memory corruption (CVE-ID: CVE-2025-31257)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the WebKit engine. A remote attacker can trick the victim into opening a specially crafted file and cause an unexpected Safari crash.


15) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-31227)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to a login error in Notes. An attacker with physical access to the device can access a deleted call recording.


16) Improper access control (CVE-ID: CVE-2025-31222)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in mDNSResponder. A local user can elevate privileges.


17) Buffer overflow (CVE-ID: CVE-2025-31251)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing specially crafted image files in AppleJPEG. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and crash the application.


18) Buffer overflow (CVE-ID: CVE-2025-31233)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in CoreMedia when processing video files. A remote attacker can create a specially crafted video file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


19) Cleartext transmission of sensitive information (CVE-ID: CVE-2025-31214)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information in Baseband. A remote attacker with the ability to intercept network traffic can gain access to sensitive data.


20) Information disclosure (CVE-ID: CVE-2025-31225)

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists because call history from deleted apps may still appear in Spotlight search results. An attacker with physical access to the device can gain access to sensitive information.


21) State issues (CVE-ID: CVE-2025-31212)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a state management issue in Core Bluetooth. A local application can access sensitive user data.


22) Improper access control (CVE-ID: CVE-2025-31208)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions in CoreAudio. A remote attacker can trick the victim into opening a specially crafted file and cause an unexpected app termination.


23) Out-of-bounds read (CVE-ID: CVE-2025-31209)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in CoreGraphics. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.


24) Use after free (CVE-ID: CVE-2025-31239)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in CoreMedia. A remote attacker can trick the victim into opening a specially crafted file and cause an unexpected app termination.


25) Information disclosure (CVE-ID: CVE-2025-31253)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in FaceTime. Muting the microphone during a FaceTime call may not result in audio being silenced.


26) Spoofing attack (CVE-ID: CVE-2025-24225)

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in Mail Addressing. A remote attacker can trick the victim into opening a specially crafted email address and spoof the user interface.


27) Input validation error (CVE-ID: CVE-2025-31210)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in FaceTime. A remote attacker can trick the victim into viewing specially crafted web content and perform a denial of service (DoS) attack.


28) Information disclosure (CVE-ID: CVE-2025-31207)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in FrontBoard. A local application can enumerate a user's installed apps.


29) Missing Authorization (CVE-ID: CVE-2025-30448)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to missing authentication. A remote attacker can turn on sharing of an iCloud folder without authentication.


30) Improper access control (CVE-ID: CVE-2025-31226)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions in ImageIO. A remote attacker can trick the victim into opening a specially crafted file and cause a denial of service.


31) Buffer overflow (CVE-ID: CVE-2025-31219)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing Microsoft Office files. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


32) Double free (CVE-ID: CVE-2025-31241)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the OS kernel. A remote attacker can trigger a double free error and crash the system.


33) Stack-based buffer overflow (CVE-ID: CVE-2024-8176)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling XML content. A remote attacker can pass specially crafted XML content to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


34) Input validation error (CVE-ID: CVE-2025-24224)

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the OS kernel. A local application can perform a denial of service (DoS) attack.


35) Input validation error (CVE-ID: CVE-2025-31216)

The vulnerability allows an attacker to override managed Wi-Fi profiles.

The vulnerability exists due to insufficient validation of user-supplied input within the Wi-Fi component. An attacker with physical access to the device can override managed Wi-Fi profiles.


36) Information exposure through log files (CVE-ID: CVE-2025-31242)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to inclusion of sensitive information in a log file in StoreKit. A local application can access sensitive user data.


37) Out-of-bounds read (CVE-ID: CVE-2025-43374)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the Wi-Fi component. A remote attacker on the local network can send specially crafted packets to the system, trigger an out-of-bounds read error and read contents of kernel memory.


Remediation

Install the update from the vendor's website.