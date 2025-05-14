+ ↺ − 16 px

Apple has rolled out iOS 18.5, urging iPhone users to update immediately due to 33 security fixes included in the release.

The update addresses a range of vulnerabilities, some of which are classified as serious, News.Az reports, citing Forbes.

While Apple typically withholds detailed information to prevent exploitation before users can update, it confirmed that two of the patched flaws affect the Kernel—the core of the iOS operating system. These vulnerabilities could allow a remote attacker to cause unexpected app or system crashes, according to Apple’s official support page.

The iOS 18.5 update is part of Apple’s ongoing efforts to enhance device security and protect users from emerging threats.

Apple’s iOS 18.5 also fixes multiple bugs in WebKit, the engine that underpins the iPhone maker’s Safari browser. Of these, CVE-2025-24213, reported by the Google V8 Security Team is a type confusion issue that could lead to memory corruption.

Image: Forbes

Another problem fixed in iOS 18.5 is an issue in Core Bluetooth that could see an app able to access sensitive user data, while a flaw in iCloud document sharing might allow an attacker to turn on sharing of an iCloud folder without authentication. An issue in mDNSResponder tracked as CVE-2025-31222 could enable an adversary to elevate privileges.

Another notable issue patched in iOS 18.5 is, CVE-2024-8176 affecting libexpat — a code execution vulnerability in open source code, with Apple software among the affected projects.

Apple Issues Multiple Updates Alongside iOS 18.5

Alongside iOS 18.5, Apple issued multiple updates for other devices, including one for a flaw already being exploited in real-life attacks. First things first — the vulnerability in question is in watchOS, the operating system for Apple’s watch.

Available for the Apple Watch Series 6 and later, watchOS 11.5 patches an issue in the iPhone maker’s CoreAudio, where processing an audio stream in a maliciously crafted media file could result in code execution.

Tracked as CVE-2025-31200, the flaw was reported by Apple and Google Threat Analysis Group “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1,” Apple said on its support page. The more eagled-eyed among you may notice that this watchOS 11.5 flaw has been fixed for Apple’s other devices in an emergency update in between upgrades, iOS 18.4.1. This vulnerability was so serious that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) advised government agencies and high-risk businesses to upgrade urgently, setting a deadline of May 8 to do so. Needless to say, you need to also treat this watchOS 11.5 update as important and apply it to your device now. Other updates released by Apple on May 12 include iPadOS 17.7.7, with fixes for older iPads. Notably, iOS 17.7.7 is not present — which indicates that the iPhone maker is no longer upgrading iOS 17 with security fixes if your device can run iOS 18. I had suspected this for some time, since Apple has been issuing iPadOS 17 updates for several months, with no sign of iOS 17 upgrades alongside them. The iPhone maker usually supports an old operating system for a few months after launching the new one in September, but after that, staying on iOS 17 is a security risk for your iPhone. Apple has also released macOS Sequoia 15.5, macOS Sonoma 14.7.6 and macOS Ventura for Macs, alongside tvOS 18.5 for the Apple TV HD and Apple TV 4K, visionOS 2.5 for the Apple Vision Pro and Safari 18.5 for its browser. All for the upgrades issued alongside iOS 18.5 include important fixes, so ensure you are applying them as soon as you can. Apple’s iOS 18.5 Has A Security Focus Apple’s big point updates are normally feature heavy, but iOS 18.5 has a security focus, experts say. That makes the update all the more important to apply. Michael Covington, VP of strategy at Jamf recommends users “update as quickly as possible,” pointing out that “the update is smaller and largely focused on security enhancements.” He highlights some of iOS 18.5’s privacy-related patches, such as CVE-2025-31253 which addresses a bug where the mute button was not effectively disabling the microphone during FaceTime calls. Meanwhile, iOS 18.5 features improvements to iCloud data protection, with CVE-2025-30448 addressing a scenario where an attacker might be able to turn on iCloud folder sharing without proper authentication, says Covington. The iOS 18.5 update’s security focus means it should be on the radar of everyday iPhone users and enterprise IT teams. The fact that none of the iOS 18.5 flaws have been used in real attacks is an opportunity to get one step ahead of adversaries, Covington advises. In fact, he says now is “the perfect time to patch all supported devices.” “Users and IT teams can celebrate that this release provides a window of opportunity to get ahead of attackers — it appears that none of the vulnerabilities addressed in iOS 18.5 have yet to be exploited in the wild.” Why You Should Update Now To iOS 18.5 Apple’s iOS 18.5 is a major point upgrade including over 30 important security fixes as well as enhanced AI privacy, updates to the Mail app and a new Pride Harmony wallpaper. It also addresses bugs that might have been introduced in the latest iPhone update iOS 18.4.1. This all makes the iOS 18.5 update worth applying as soon as possible. None of the bugs squashed in iOS 18.5 have been exploited in real-life attacks yet. However, it is only a matter of time before more adversaries get hold of the details to perform attacks on people’s iPhones. Apple’s iOS 18.5 is available for iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.

News.Az