Apple Releases iOS 18.5 and iPadOS 18.5 with Important Security Fixes

TM_FGTue, 13 May 2025 00:00:00 GMT 0

Hi everyone,

Apple has rolled out iOS 18.5 and iPadOS 18.5 last May 12, 2025, bringing a series of critical security updates designed to protect users and improve device performance.

As always, Apple prioritizes customer safety and does not disclose details about security issues until a fix has been thoroughly investigated and released. This update addresses a number of vulnerabilities that could have affected user privacy, device stability, and data security.


Here are some of the key security improvements included in iOS 18.5:

  • AppleJPEG: A vulnerability that could cause apps to crash or memory issues when handling malicious media files has been resolved through better input sanitization. (CVE-2025-31251)
  • Baseband: A network security issue that could have allowed attackers to intercept traffic on iPhone 16e has been fixed with improved state management. (CVE-2025-31214)
  • Call History: An issue where call logs from deleted apps could still appear in search results has been addressed to better protect user privacy. (CVE-2025-31225)
  • Core Bluetooth: A bug that might allow apps to access sensitive user data was fixed by enhancing state management. (CVE-2025-31212)
  • CoreAudio, CoreGraphics, CoreMedia: Several vulnerabilities that could lead to app crashes or data leaks when parsing certain files have been fixed with better memory and input handling. (Multiple CVEs, including CVE-2025-31208, CVE-2025-31209, CVE-2025-31233)
  • FaceTime: Two separate issues were resolved—one involving microphone audio not being muted during calls, and another that could cause FaceTime to crash when handling web content. (CVE-2025-31253, CVE-2025-31210)
  • FrontBoard: A fix was applied to prevent apps from being able to detect which other apps a user has installed. (CVE-2025-31207)
  • iCloud Document Sharing: A serious flaw that might have allowed unauthorized sharing of iCloud folders was patched with additional entitlement checks. (CVE-2025-30448)
  • Kernel: Multiple kernel-level vulnerabilities were addressed, including issues that could lead to system crashes, memory corruption, or remote attacks. These fixes improve overall system security and stability. (CVE-2025-31219, CVE-2025-31241)
  • libexpat: An open-source library used by iOS had several vulnerabilities that were resolved to prevent potential app crashes or code execution. (CVE-2024-8176)
  • Mail Addressing: An injection flaw that could lead to user interface spoofing when processing emails was addressed with improved input validation. (CVE-2025-24225)
  • mDNSResponder: A potential privilege escalation issue was fixed with better integrity checks. (CVE-2025-31222)

These updates are now available for iPhone XS and later, as well as supported iPad models. Apple recommends installing iOS 18.5 and iPadOS 18.5 as soon as possible to ensure your devices stay protected.


For more details, visit the About the security content of iOS 18.5 and iPadOS 18.5 page.


Questions?

Drop your questions below, and your Trend Techie Buddy is here to help you out!


Join the discussion!

Sign in or create an account.

Mobile Security for iOS

Get help with your Trend Micro Mobile Security (iOS)

Options

Blog Home Feed

Search Blogs

search

Archive

May 2025 1 September 2024 1 March 2024 2 December 2023 1 October 2023 1 September 2023 3