Apple iOS/iPadOS Security Updates and CVE Fixes Across Multiple Releases
Apple published security advisories detailing vulnerability fixes across multiple iOS and iPadOS versions, including iOS/iPadOS 16.7, 17.2, 18.1, 18.3, 26.1, and 26.2. The advisories describe a range of impacts such as sandbox escapes (including Web Content sandbox breakout), privacy issues where apps could access or expose sensitive user data via insufficient log redaction, file-system modification via temporary-file handling, and memory-safety flaws (e.g., out-of-bounds reads, type confusion, and bounds-checking issues) that could lead to crashes or memory corruption. Apple attributes fixes to changes like improved protocol handling, cache handling, input validation, and additional permission restrictions, and references issues by CVE where available.
Several advisories also highlight device-state and authentication/logic weaknesses. iOS/iPadOS 18.3 includes a case where an attacker with physical access to an unlocked device could access Photos while the app is locked (CVE-2025-24141). iOS/iPadOS 18.1 includes a lock-screen exposure issue (CVE-2024-44274) and a Shortcuts-related path-handling flaw that could allow arbitrary shortcut execution without user consent (CVE-2024-44255). The iOS/iPadOS 26.x advisories include privacy and permission issues (e.g., identifying installed apps, screenshots of sensitive embedded views), potential kernel memory corruption/system termination conditions, and logic/UI issues affecting security posture (e.g., passcode requirement timing after Face ID enrollment restore scenarios and potential FaceTime caller ID spoofing). Multiple findings are credited to external researchers and teams (including Google Project Zero, ByteDance IES Red Team, and others).

How this story unfolded
15 events from the most recent confirmed update back to the earliest known activity.
Apple publishes iOS 26.1 and iPadOS 26.1 security advisory
Apple published the iOS 26.1 and iPadOS 26.1 security advisory on January 16, 2026, documenting the vulnerabilities fixed in the November 2025 release and noting some entries had been updated on December 12, 2025.
Apple publishes iOS 26.2 and iPadOS 26.2 security advisory
Apple published the iOS 26.2 and iPadOS 26.2 security advisory on January 9, 2026, describing the December 2025 fixes and noting added or updated entries including a FaceTime caller ID spoofing issue and additional web-content crash vulnerabilities.
Apple releases iOS 26.2 and iPadOS 26.2
Apple released iOS 26.2 and iPadOS 26.2 on December 12, 2025, fixing numerous vulnerabilities including exposure of payment tokens, Safari history and hidden photos, file- and HID-triggered memory corruption, and a web-content flaw that may have been exploited in a highly targeted attack.
Apple publishes iOS 18.4, visionOS 2.4, and related security advisories
On November 11, 2025, Apple published security advisories for iOS 18.4 and iPadOS 18.4 as well as visionOS 2.4, detailing numerous fixes for privacy leaks, privilege escalation, sandbox escapes, local-network attack vectors, web spoofing, and memory-safety flaws.
Apple publishes iOS 26 and iPadOS 26 security advisory
Apple published the security advisory for iOS 26 and iPadOS 26 on November 4, 2025, later surfaced in the referenced support document, detailing numerous CVE-tracked vulnerabilities fixed in the September 2025 release.
Apple releases iOS 26.1 and iPadOS 26.1
Apple released iOS 26.1 and iPadOS 26.1 on November 3, 2025, addressing a broad set of privacy, permission-bypass, sandbox escape, keystroke monitoring, kernel memory corruption, and malicious web-content issues.
Apple releases iOS 26 and iPadOS 26
Apple released iOS 26 and iPadOS 26 on September 15, 2025, fixing numerous vulnerabilities including memory corruption, sensitive data exposure, sandbox bypasses, keystroke monitoring without permission, and web-content processing flaws.
Apple releases iOS 18.6.2 and iPadOS 18.6.2 for exploited image flaw
On August 20, 2025, Apple released iOS 18.6.2 and iPadOS 18.6.2 to fix CVE-2025-43300, an out-of-bounds write in image processing that could cause memory corruption. Apple said it was aware the flaw may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Apple publishes macOS Ventura 13.7.5 security advisory
Apple published the macOS Ventura 13.7.5 security update advisory on July 29, 2025, documenting numerous fixes for privilege escalation, sandbox escapes, authentication bypasses, privacy leaks, memory corruption, and network-reachable issues.
Apple updates macOS Ventura 13.7.5 advisory with added CVEs
Apple added several CVE entries to the macOS Ventura 13.7.5 security advisory on April 28, 2025, with further updates on May 28, 2025 and an additional entry on July 29, 2025.
Apple publishes iOS 18.2 and iPadOS 18.2 security advisory
Apple published the security advisory for iOS 18.2 and iPadOS 18.2 on April 2, 2025, detailing vulnerabilities fixed in the December 2024 release and noting several entries added or updated in early 2025.
Apple publishes iOS 18 and iPadOS 18 security content advisory
Apple published the security content document for iOS 18 and iPadOS 18 on March 3, 2025, summarizing the vulnerabilities addressed in the September 2024 release and subsequent advisory updates.
Apple updates iOS 18 advisory with additional CVE entries
Apple added or updated multiple CVE entries in the iOS 18 and iPadOS 18 security advisory on October 28, 2024 and again on March 3, 2025, expanding the documented details of vulnerabilities fixed in the September 2024 release.
Apple releases iOS 18.2 and iPadOS 18.2
Apple released iOS 18.2 and iPadOS 18.2 on December 11, 2024, fixing multiple issues including authentication bypasses, sandbox escapes, sensitive data exposure, network privacy weaknesses, and memory-safety flaws.
Apple releases iOS 18 and iPadOS 18 security fixes
Apple released iOS 18 and iPadOS 18 on September 16, 2024, addressing numerous vulnerabilities affecting privacy, sandboxing, file handling, Bluetooth, VPN/networking, and web content processing on supported iPhones and iPads.
Sources
10 references tracked.
About the security content of iOS 18 and iPadOS 18 - Apple Support (support.apple.com)
About the security content of iOS 26 and iPadOS 26 - Apple Support (support.apple.com)
About the security content of iOS 26.2 and iPadOS 26.2 - Apple Support (support.apple.com)
About the security content of iOS 18.6.2 and iPadOS 18.6.2 - Apple Support (support.apple.com)
About the security content of iOS 18.2 and iPadOS 18.2 - Apple Support (support.apple.com)
About the security content of iOS 18 and iPadOS 18 - Apple Support (support.apple.com)
About the security content of iOS 18.4 and iPadOS 18.4 - Apple Support (support.apple.com)
About the security content of iOS 26.1 and iPadOS 26.1 - Apple Support (cc.zdnet.com)


