About the security content of iOS 18 and iPadOS 18

This document describes the security content of iOS 18 and iPadOS 18.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

iOS 18 and iPadOS 18

Accessibility

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An attacker with physical access may be able to use Siri to access sensitive user data

Description: This issue was addressed through improved state management.

CVE-2024-40840: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India

Accessibility

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to enumerate a user's installed apps

Description: This issue was addressed with improved data protection.

CVE-2024-40830: Chloe Surett

Accessibility

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features

Description: This issue was addressed through improved state management.

CVE-2024-44171: Jake Derouin

Accessibility

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An attacker may be able to see recent photos without authentication in Assistive Access

Description: This issue was addressed by restricting options offered on a locked device.

CVE-2024-40852: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India

Cellular

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: A remote attacker may be able to cause a denial-of-service

Description: This issue was addressed through improved state management.

CVE-2024-27874: Tuan D. Hoang

Compression

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files

Description: A race condition was addressed with improved locking.

CVE-2024-27876: Snoolie Keffaber (@0xilis)

Control Center

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to record the screen without an indicator

Description: The issue was addressed with improved checks.

CVE-2024-27869: an anonymous researcher

Core Bluetooth

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: A malicious Bluetooth input device may bypass pairing

Description: This issue was addressed through improved state management.

CVE-2024-44124: Daniele Antonioli

FileProvider

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access sensitive user data

Description: This issue was addressed with improved validation of symlinks.

CVE-2024-44131: @08Tc3wBB of Jamf

Game Center

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access user-sensitive data

Description: A file access issue was addressed with improved input validation.

CVE-2024-40850: Denis Tokarev (@illusionofcha0s)

ImageIO

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted file may lead to unexpected app termination

Description: An out-of-bounds read issue was addressed with improved input validation.

CVE-2024-27880: Junsung Lee

ImageIO

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Processing an image may lead to a denial-of-service

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro Zero Day Initiative and an anonymous researcher

IOSurfaceAccelerator

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to cause unexpected system termination

Description: The issue was addressed with improved memory handling.

CVE-2024-44169: Antonio Zekić

Kernel

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Network traffic may leak outside a VPN tunnel

Description: A logic issue was addressed with improved checks.

CVE-2024-44165: Andrew Lytvynov

Kernel

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may gain unauthorized access to Bluetooth

Description: This issue was addressed through improved state management.

CVE-2024-44191: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven (@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy Vanhoef

libxml2

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: An integer overflow was addressed through improved input validation.

CVE-2024-44198: OSS-Fuzz, Ned Williamson of Google Project Zero

Mail Accounts

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access information about a user's contacts

Description: A privacy issue was addressed with improved private data redaction for log entries.

CVE-2024-40791: Rodolphe BRUNETTI (@eisw0lf)

mDNSResponder

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to cause a denial-of-service

Description: A logic error was addressed with improved error handling.

CVE-2024-44183: Olivier Levon

Model I/O

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted image may lead to a denial-of-service

Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.

CVE-2023-5841

NetworkExtension

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may gain unauthorized access to Local Network

Description: This issue was addressed through improved state management.

CVE-2024-44147: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven (@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy Vanhoef

Notes

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to overwrite arbitrary files

Description: This issue was addressed by removing the vulnerable code.

CVE-2024-44167: ajajfxhj

Printing

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An unencrypted document may be written to a temporary file when using print preview

Description: A privacy issue was addressed with improved handling of files.

CVE-2024-40826: an anonymous researcher

Safari Private Browsing

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Private Browsing tabs may be accessed without authentication

Description: An authentication issue was addressed with improved state management.

CVE-2024-44202: Kenneth Chew

Safari Private Browsing

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Private Browsing tabs may be accessed without authentication

Description: This issue was addressed through improved state management.

CVE-2024-44127: Anamika Adhikari

Sandbox

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to leak sensitive user information

Description: This issue was addressed with improved data protection.

CVE-2024-40863: Csaba Fitzl (@theevilbit) of Offensive Security

Siri

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An attacker with physical access may be able to access contacts from the lock screen

Description: The issue was addressed with improved checks.

CVE-2024-44139: Srijan Poudel

CVE-2024-44180: Bistrit Dahal

Siri

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access user-sensitive data

Description: A privacy issue was addressed by moving sensitive data to a more secure location.

CVE-2024-44170: K宝, LFY (@secsys), Smi1e, yulige, Cristian Dinca (icmd.tech), Rodolphe BRUNETTI (@eisw0lf)

Transparency

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access user-sensitive data

Description: A permissions issue was addressed with additional restrictions.

CVE-2024-44184: Bohdan Stasiuk (@Bohdan_Stasiuk)

UIKit

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An attacker may be able to cause unexpected app termination

Description: The issue was addressed with improved bounds checks.

CVE-2024-27879: Justin Cohen

WebKit

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: This issue was addressed through improved state management.

CVE-2024-40857: Ron Masas

WebKit

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: A malicious website may exfiltrate data cross-origin

Description: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins.

CVE-2024-44187: Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India)

Wi-Fi

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An attacker may be able to force a device to disconnect from a secure network

Description: An integrity issue was addressed with Beacon Protection.

CVE-2024-40856: Domien Schepers

Additional recognition

Core Bluetooth

We would like to acknowledge Nicholas C. of Onymos Inc. (onymos.com) for their assistance.

Foundation

We would like to acknowledge Ostorlab for their assistance.

Installer

We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India, Christian Scalese, Ishan Boda, Shane Gallagher, Chi Yuan Chang of ZUSO ART and taikosoup for their assistance.

Kernel

We would like to acknowledge Braxton Anderson, Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik, Fakhri Zulkifli (@d0lph1n98) of PixiePoint Security for their assistance.

Magnifier

We would like to acknowledge Andr.Ess for their assistance.

Maps

We would like to acknowledge Kirin (@Pwnrin) for their assistance.

Messages

We would like to acknowledge Chi Yuan Chang of ZUSO ART and taikosoup for their assistance.

MobileLockdown

We would like to acknowledge Andr.Ess for their assistance.

Notifications

We would like to acknowledge an anonymous researcher for their assistance.

Passwords

We would like to acknowledge Richard Hyunho Im (@r1cheeta) for their assistance.

Photos

We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India, Harsh Tyagi, Kenneth Chew, Leandro Chaves, Saurabh Kumar from Technocrat Institute of Technology Bhopal, Shibin B Shaji, Vishnu Prasad P G, UST, Yusuf Kelany for their assistance.

Safari

We would like to acknowledge Hafiizh and YoKo Kho (@yokoacc) of HakTrak, James Lee (@Windowsrcer) for their assistance.

Shortcuts

We would like to acknowledge Cristian Dinca of "Tudor Vianu" National High School of Computer Science, Romania, Jacob Braun, an anonymous researcher for their assistance.

Siri

We would like to acknowledge Rohan Paudel for their assistance.

Status Bar

We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India, Jacob Braun for their assistance.

TCC

We would like to acknowledge Vaibhav Prajapati for their assistance.

UIKit

We would like to acknowledge Andr.Ess for their assistance.

Voice Memos

We would like to acknowledge Lisa B for their assistance.

WebKit

We would like to acknowledge Avi Lumelsky, Uri Katz, (Oligo Security), Johan Carlsson (joaxcar) for their assistance.

Wi-Fi

We would like to acknowledge Antonio Zekic (@antoniozekic) and ant4g0nist, Tim Michaud (@TimGMichaud) of Moveworks.ai for their assistance.