Apple has rolled out iOS 18.3, urging users to install the update immediately due to the patching of 29 security vulnerabilities, including one that has already been exploited in cyberattacks.
Vulnerabilities addressed in iOS 18.3
This update fixes a range of serious security flaws across several system components, including CoreMedia, Kernel, WebKit, and AirPlay. The one notable vulnerability (CVE-2025-24085) allows a malicious app to escalate privileges and has reportedly been used in attacks on earlier iOS versions. This flaw was found in CoreMedia and could let attackers gain unauthorised access to device functions.
Key security fixes in iOS 18.3
Several critical fixes are part of the release including:
Kernel Vulnerabilities: The update resolves two major Kernel flaws (CVE-2025-24107 and CVE-2025-24150) that could allow malicious apps to gain root privileges or execute code at the Kernel level. This poses a significant risk, as these flaws could give attackers complete control over the device.
WebKit Fixes: Vulnerabilities within WebKit, the browser engine behind Safari, have been patched, including a potential command injection issue that could let hackers execute harmful OS commands via a compromised app.
AirPlay and Passkeys: Issues in AirPlay (CVE-2025-24137) and Passkeys could allow attackers to trigger unexpected app behavior or gain unauthorized Bluetooth access.
Apple advises users to update to iOS 18.3 as soon as possible, as it fixes several high-risk vulnerabilities. Experts highlight that the Kernel flaws, in particular, could allow attackers to take full control of devices if exploited. Additionally, many other vulnerabilities fixed in iOS 18.3 could be combined to launch more sophisticated remote attacks.
