Update your iPhone, iPad, and Mac now to fix these security issues
9to5mac.com
Apple regularly lists resolved vulnerabilities for iPhone, iPad, and Mac after each software update. Right on cue, the company has released an extensive list of which security resolutions are included in today's iOS 18.3 and macOS Sequoia 15.3 software updates. As ever, we recommend updating as soon as possible to protect your devices from these security risks.

Here are the fixes provided today for iPhone, iPad, and Mac:

iOS 18.3

Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker with physical access to an unlocked device may be able to access Photos while the app is locked
Description: An authentication issue was addressed with improved state management.
CVE-2025-24141: Abhay Kailasia (@abhay_kailasia) from C-DAC Thiruvananthapuram India

AirPlay
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker on the local network may be able to cause unexpected system termination or corrupt process memory
Description: An input validation issue was addressed.
CVE-2025-24126: Uri Katz (Oligo Security)

AirPlay
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A remote attacker may cause an unexpected app termination
Description: A type confusion issue was addressed with improved checks.
CVE-2025-24129: Uri Katz (Oligo Security)

AirPlay
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker in a privileged position may be able to perform a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2025-24131: Uri Katz (Oligo Security)

AirPlay
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A remote attacker may be able to cause a denial-of-service
Description: A null pointer dereference was addressed with improved input validation.
CVE-2025-24177: Uri Katz (Oligo Security)

AirPlay
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
Description: A type confusion issue was addressed with improved checks.
CVE-2025-24137: Uri Katz (Oligo Security)

ARKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24127: Minghao Lin (@Y1nKoc), babywu, and Xingwei Lin of Zhejiang University

CoreAudio
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24160: Google Threat Analysis Group
CVE-2025-24161: Google Threat Analysis Group
CVE-2025-24163: Google Threat Analysis Group

CoreMedia
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24123: Desmond working with Trend Micro Zero Day Initiative
CVE-2025-24124: Pwn2car & Rotiple (HyeongSeok Jang) working with Trend Micro Zero Day Initiative

CoreMedia
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A malicious application may be able to elevate privileges.
Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Description: A use after free issue was addressed with improved memory management.
CVE-2025-24085

ImageIO
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing an image may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2025-24086: DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) in Enki WhiteHat, D4m0n

Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A malicious app may be able to gain root privileges
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-24107: an anonymous researcher

Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A validation issue was addressed with improved logic.
CVE-2025-24159: pattern-f (@pattern_F_)

LaunchServices
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to fingerprint the user
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-24117: Michael (Biscuit) Thomas (@biscuit@social.lol)

libxslt
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed through improved state management.
CVE-2025-24166: Ivan Fratric of Google Project Zero

Managed Configuration
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Restoring a maliciously crafted backup file may lead to modification of protected system files
Description: This issue was addressed with improved handling of symlinks.
CVE-2025-24104: Hichem Maloufi, Hakim Boukhadra

Passkeys
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may gain unauthorized access to Bluetooth
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party.
Learn more about the issue and CVE-ID at cve.org.
CVE-2024-9956: mastersplinter

Safari
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed by adding additional logic.
CVE-2025-24128: @RenwaX23

Safari
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Visiting a malicious website may lead to user interface spoofing
Description: The issue was addressed with improved UI.
CVE-2025-24113: @RenwaX23

SceneKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Parsing a file may lead to disclosure of user information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2025-24149: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

Time Zone
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to view a contact's phone number in system logs
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2025-24145: Kirin (@Pwnrin)

WebContentFilter
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2025-24154: an anonymous researcher

WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A maliciously crafted webpage may be able to fingerprint the user
Description: The issue was addressed with improved access restrictions to the file system.
WebKit Bugzilla: 283117
CVE-2025-24143: an anonymous researcher

WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 283889
CVE-2025-24158: Q1IQ (@q1iqF) of NUS CuriOSity and P1umer (@p1umer) of Imperial Global Singapore.

WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 284159
CVE-2025-24162: linjy of HKUS3Lab and chluo of WHUSecLab

WebKit Web Inspector
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Copying a URL from Web Inspector may lead to command injection
Description: A privacy issue was addressed with improved handling of files.
WebKit Bugzilla: 283718
CVE-2025-24150: Johan Carlsson (joaxcar)

macOS 15.3

AirPlay
Available for: macOS Sequoia
Impact: An attacker on the local network may be able to cause unexpected system termination or corrupt process memory
Description: An input validation issue was addressed.
CVE-2025-24126: Uri Katz (Oligo Security)

AirPlay
Available for: macOS Sequoia
Impact: A remote attacker may cause an unexpected app termination
Description: A type confusion issue was addressed with improved checks.
CVE-2025-24129: Uri Katz (Oligo Security)

AirPlay
Available for: macOS Sequoia
Impact: An attacker in a privileged position may be able to perform a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2025-24131: Uri Katz (Oligo Security)

AirPlay
Available for: macOS Sequoia
Impact: A remote attacker may be able to cause a denial-of-service
Description: A null pointer dereference was addressed with improved input validation.
CVE-2025-24177: Uri Katz (Oligo Security)

AirPlay
Available for: macOS Sequoia
Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
Description: A type confusion issue was addressed with improved checks.
CVE-2025-24137: Uri Katz (Oligo Security)

AppKit
Available for: macOS Sequoia
Impact: An app may be able to access protected user data
Description: The issue was addressed with additional permissions checks.
CVE-2025-24087: Mickey Jin (@patch1t)

AppleGraphicsControl
Available for: macOS Sequoia
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24112: D4m0n

AppleMobileFileIntegrity
Available for: macOS Sequoia
Impact: An app may be able to access information about a user's contacts
Description: A logic issue was addressed with improved restrictions.
CVE-2025-24100: Kirin (@Pwnrin)

AppleMobileFileIntegrity
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A downgrade issue was addressed with additional code-signing restrictions.
CVE-2025-24109: Bohdan Stasiuk (@Bohdan_Stasiuk)

AppleMobileFileIntegrity
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-24114: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved checks.
CVE-2025-24121: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions.
CVE-2025-24122: Mickey Jin (@patch1t)

ARKit
Available for: macOS Sequoia
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24127: Minghao Lin (@Y1nKoc), babywu, and Xingwei Lin of Zhejiang University

Audio
Available for: macOS Sequoia
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24106: Wang Yu of Cyberserval

CoreAudio
Available for: macOS Sequoia
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24160: Google Threat Analysis Group
CVE-2025-24161: Google Threat Analysis Group
CVE-2025-24163: Google Threat Analysis Group

CoreMedia
Available for: macOS Sequoia
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24123: Desmond working with Trend Micro Zero Day Initiative
CVE-2025-24124: Pwn2car & Rotiple (HyeongSeok Jang) working with Trend Micro Zero Day Initiative

CoreMedia
Available for: macOS Sequoia
Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Description: A use after free issue was addressed with improved memory management.
CVE-2025-24085

CoreRoutine
Available for: macOS Sequoia
Impact: An app may be able to determine a user's current location
Description: The issue was addressed with improved checks.
CVE-2025-24102: Kirin (@Pwnrin)

FaceTime
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: An information disclosure issue was addressed with improved privacy controls.
CVE-2025-24134: Kirin (@Pwnrin)

iCloud
Available for: macOS Sequoia
Impact: Files downloaded from the internet may not have the quarantine flag applied
Description: This issue was addressed through improved state management.
CVE-2025-24140: Matej Moravec (@MacejkoMoravec)

iCloud Photo Library
Available for: macOS Sequoia
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved checks.
CVE-2025-24174: Arsenii Kostromin (0x3c3e), Joshua Jones

ImageIO
Available for: macOS Sequoia
Impact: Processing an image may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2025-24086: DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) in Enki WhiteHat, D4m0n

Kernel
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2025-24118: Joseph Ravichandran (@0xjprx) of MIT CSAIL

Kernel
Available for: macOS Sequoia
Impact: A malicious app may be able to gain root privileges
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-24107: an anonymous researcher

Kernel
Available for: macOS Sequoia
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A validation issue was addressed with improved logic.
CVE-2025-24159: pattern-f (@pattern_F_)

LaunchServices
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: A race condition was addressed with additional validation.
CVE-2025-24094: an anonymous researcher

LaunchServices
Available for: macOS Sequoia
Impact: An app may be able to read files outside of its sandbox
Description: A path handling issue was addressed with improved validation.
CVE-2025-24115: an anonymous researcher

LaunchServices
Available for: macOS Sequoia
Impact: An app may be able to bypass Privacy preferences
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2025-24116: an anonymous researcher

LaunchServices
Available for: macOS Sequoia
Impact: An app may be able to fingerprint the user
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-24117: Michael (Biscuit) Thomas (@biscuit@social.lol)

libxslt
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed through improved state management.
CVE-2025-24166: Ivan Fratric of Google Project Zero

Login Window
Available for: macOS Sequoia
Impact: A malicious app may be able to create symlinks to protected regions of the disk
Description: This issue was addressed with improved validation of symlinks.
CVE-2025-24136:

Messages
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-24101: Kirin (@Pwnrin)

NSDocument
Available for: macOS Sequoia
Impact: A malicious app may be able to access arbitrary files
Description: This issue was addressed through improved state management.
CVE-2025-24096: an anonymous researcher

PackageKit
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2025-24130: Pedro Tôrres (@t0rr3sp3dr0)

Passwords
Available for: macOS Sequoia
Impact: A malicious app may be able to bypass browser extension authentication
Description: A logging issue was addressed with improved data redaction.
CVE-2025-24169: Josh Parnham (@joshparnham)

Photos Storage
Available for: macOS Sequoia
Impact: Deleting a conversation in Messages may expose user contact information in system logging
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-24146: (@Pwnrin)

Safari
Available for: macOS Sequoia
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed by adding additional logic.
CVE-2025-24128: @RenwaX23

Safari
Available for: macOS Sequoia
Impact: Visiting a malicious website may lead to user interface spoofing
Description: The issue was addressed with improved UI.
CVE-2025-24113: @RenwaX23

SceneKit
Available for: macOS Sequoia
Impact: Parsing a file may lead to disclosure of user information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2025-24149: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

Security
Available for: macOS Sequoia
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved validation of symlinks.
CVE-2025-24103: Zhongquan Li (@Guluisacat)

SharedFileList
Available for: macOS Sequoia
Impact: An app may be able to access protected user data
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2025-24108: an anonymous researcher

sips
Available for: macOS Sequoia
Impact: Parsing a maliciously crafted file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24139: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

SMB
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination or corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2025-24151: an anonymous researcher
CVE-2025-24152: an anonymous researcher

SMB
Available for: macOS Sequoia
Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2025-24153: an anonymous researcher

Spotlight
Available for: macOS Sequoia
Impact: A malicious application may be able to leak sensitive user information
Description: This issue was addressed through improved state management.
CVE-2025-24138: Rodolphe BRUNETTI (@eisw0lf) of Lupus Nova

StorageKit
Available for: macOS Sequoia
Impact: A malicious app may be able to gain root privileges
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-24107: an anonymous researcher

StorageKit
Available for: macOS Sequoia
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue was addressed with improved validation.
CVE-2025-24176: Yann GASCUEL of Alter Solutions

System Extensions
Available for: macOS Sequoia
Impact: An app may be able to gain elevated privileges
Description: This issue was addressed with improved message validation.
CVE-2025-24135: Arsenii Kostromin (0x3c3e)

Time Zone
Available for: macOS Sequoia
Impact: An app may be able to view a contact's phone number in system logs
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2025-24145: Kirin (@Pwnrin)

TV App
Available for: macOS Sequoia
Impact: An app may be able to read sensitive location information
Description: This issue was addressed with improved data protection.
CVE-2025-24092: Adam M.

WebContentFilter
Available for: macOS Sequoia
Impact: An attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2025-24154: an anonymous researcher

WebKit
Available for: macOS Sequoia
Impact: A maliciously crafted webpage may be able to fingerprint the user
Description: The issue was addressed with improved access restrictions to the file system.
WebKit Bugzilla: 283117
CVE-2025-24143: an anonymous researcher

WebKit
Available for: macOS Sequoia
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 283889
CVE-2025-24158: Q1IQ (@q1iqF) of NUS CuriOSity and P1umer (@p1umer) of Imperial Global Singapore.

WebKit
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 284159
CVE-2025-24162: linjy of HKUS3Lab and chluo of WHUSecLab

WebKit Web Inspector
Available for: macOS Sequoia
Impact: Copying a URL from Web Inspector may lead to command injection
Description: A privacy issue was addressed with improved handling of files.
WebKit Bugzilla: 283718
CVE-2025-24150: Johan Carlsson (joaxcar)

WindowServer
Available for: macOS Sequoia
Impact: An attacker may be able to cause unexpected app termination
Description: This issue was addressed by improved management of object lifetimes.
CVE-2025-24120: PixiePoint Security

Xsan
Available for: macOS Sequoia
Impact: An app may be able to elevate privileges
Description: An integer overflow was addressed through improved input validation.
CVE-2025-24156: an anonymous researcher

watchOS 11.3

AirPlay
Available for: Apple Watch Series 6 and later
Impact: An attacker on the local network may be able to cause unexpected system termination or corrupt process memory
Description: An input validation issue was addressed.
CVE-2025-24126: Uri Katz (Oligo Security)

AirPlay
Available for: Apple Watch Series 6 and later
Impact: A remote attacker may cause an unexpected app termination
Description: A type confusion issue was addressed with improved checks.
CVE-2025-24129: Uri Katz (Oligo Security)

AirPlay
Available for: Apple Watch Series 6 and later
Impact: An attacker in a privileged position may be able to perform a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2025-24131: Uri Katz (Oligo Security)

AirPlay
Available for: Apple Watch Series 6 and later
Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
Description: A type confusion issue was addressed with improved checks.
CVE-2025-24137: Uri Katz (Oligo Security)

CoreAudio
Available for: Apple Watch Series 6 and later
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24160: Google Threat Analysis Group
CVE-2025-24161: Google Threat Analysis Group
CVE-2025-24163: Google Threat Analysis Group

CoreMedia
Available for: Apple Watch Series 6 and later
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24123: Desmond working with Trend Micro Zero Day Initiative
CVE-2025-24124: Pwn2car & Rotiple (HyeongSeok Jang) working with Trend Micro Zero Day Initiative

CoreMedia
Available for: Apple Watch Series 6 and later
Impact: A malicious application may be able to elevate privileges.
Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Description: A use after free issue was addressed with improved memory management.
CVE-2025-24085

ImageIO
Available for: Apple Watch Series 6 and later
Impact: Processing an image may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2025-24086: DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) in Enki WhiteHat, D4m0n

Kernel
Available for: Apple Watch Series 6 and later
Impact: A malicious app may be able to gain root privileges
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-24107: an anonymous researcher

Kernel
Available for: Apple Watch Series 6 and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A validation issue was addressed with improved logic.
CVE-2025-24159: pattern-f (@pattern_F_)

LaunchServices
Available for: Apple Watch Series 6 and later
Impact: An app may be able to fingerprint the user
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-24117: Michael (Biscuit) Thomas (@biscuit@social.lol)

libxslt
Available for: Apple Watch Series 6 and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed through improved state management.
CVE-2025-24166: Ivan Fratric of Google Project Zero

SceneKit
Available for: Apple Watch Series 6 and later
Impact: Parsing a file may lead to disclosure of user information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2025-24149: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

WebKit
Available for: Apple Watch Series 6 and later
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 283889
CVE-2025-24158: Q1IQ (@q1iqF) of NUS CuriOSity and P1umer (@p1umer) of Imperial Global Singapore.

WebKit
Available for: Apple Watch Series 6 and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 284159
CVE-2025-24162: linjy of HKUS3Lab and chluo of WHUSecLab

Apple has also published documentation on security updates for iPadOS 17.7.4, macOS 14.7.3, macOS 13.7.3, tvOS 18.3, and Safari 18.3.