Apple released critical security updates for iOS and macOS to fix vulnerabilities that could let attackers run malicious code remotely. These flaws affect how the system processes media files and websites, making them dangerous to users who simply open a crafted image or visit a malicious webpage. Vulnerabilities include AppleJPEG (CVE-2025-31251), CoreMedia (CVE-2025-31233), and ImageIO (CVE-2025-31226), each capable of crashing apps, corrupting memory, or causing denial-of-service errors. Several flaws in WebKit—Apple’s web content engine—could lead to unexpected crashes, particularly in the Safari browser, as seen with CVE-2025-31217 and similar bugs.
The iOS 18.5 update fixes numerous severe flaws that could have been exploited without user interaction. Malicious images, video files, and websites could trigger memory corruption or crash vital apps. Attackers might also use the flaws to leak sensitive data by tricking users into opening unsafe content. The CoreGraphics and CoreAudio bugs, along with issues in WebKit, increase the risk of remote code execution and privacy violations. AppleJPEG and CoreMedia vulnerabilities could be triggered by simply viewing media files in messages or browsing content online.
Beyond media and web vulnerabilities, Apple addressed other high-risk bugs in several internal services. A Baseband flaw, CVE-2025-31214, could let attackers intercept network traffic on iPhone 16e models, posing a threat to communication privacy. Another issue, CVE-2025-31222 in mDNSResponder, could allow privilege escalation and lead to broader system compromise. The Notes app was also found leaking data from locked screens, undermining user expectations of privacy. Apple fixed other flaws in FrontBoard, Mail Addressing, and iCloud Document Sharing that could have enabled unauthorized data access.
Apple released the iOS 18.5 update for iPhone XS and newer, with the iPadOS version covering supported iPad models from 2018 onwards. Security patches were also rolled out for macOS Sequoia, macOS Sonoma, macOS Ventura, and platforms such as watchOS, tvOS, and visionOS. Apple recommends users update immediately to reduce the risk of exploitation. These fixes come as part of Apple’s ongoing effort to harden system defenses amid growing concerns about device security, targeted attacks, and user data privacy.
Reference:
