Apple’s recent iOS 18.3 and iPadOS 18.3 updates address numerous security vulnerabilities across various system components, including AirPlay, ARKit, Safari, and WebKit. Notably, these updates fix issues related to privilege escalation, unexpected app termination, and denial-of-service vulnerabilities, which could lead to unauthorized access, arbitrary code execution, and potential data leaks. A significant zero-day vulnerability in the CoreMedia framework, actively exploited in the wild, has been patched. These updates include enhanced input validation, memory management, and security protocols to resolve these critical flaws.
Apple is aware of a report that this issue may have been actively exploited in versions of iOS prior to iOS 17.2. These vulnerabilities affect various Apple devices and could lead to potential exploits in several areas. The problem has been addressed with improved memory management in a wide range of devices and operating systems.
Apple AirPlay is a wireless streaming feature that allows users to share audio, video, and screen content between Apple devices. It enables seamless media casting from an iPhone, iPad, or Mac to compatible devices like Apple TVs and smart speakers. AirPlay uses Wi-Fi or Bluetooth for high-quality, lag-free transmission.
The updates also address five security flaws in AirPlay. All of which were reported by Oligo Security researcher Uri Katz. These flaws can be exploited by an attacker to cause unexpected system failure, denial-of-service (DoS) or arbitrary code execution under certain circumstances.
CoreMedia is a framework in iOS and macOS that handles the processing and management of media data, including video, audio, and time-based content. CoreAudio is a low-level API responsible for handling audio input/output, providing high-performance sound processing and playback across Apple devices. The CoreMedia and CoreAudio components also contain critical vulnerabilities that could lead to unexpected app terminations.
Google’s Threat Analysis Group (TAG) discovered three vulnerabilities in the CoreAudio component. TAG also reported those, as CVE-2025-24160, CVE-2025-24161 and CVE-2025-24163. These can lead to unexpected termination of an application when processing a specially crafted file.
iOS 18.3 addresses two major kernel-level vulnerabilities. One involves a permissions issue that could let malicious apps gain root privileges, while the other is a validation flaw that could allow apps to execute arbitrary code with kernel-level access. These vulnerabilities pose a significant threat to system integrity, enabling potential full system compromise. The iOS 18.3 update introduces tighter restrictions and improved logic to reduce the risk of privilege escalation.
WebKit and Safari, key components for web browsing on iOS and iPadOS, contained several vulnerabilities that could let malicious websites spoof user interfaces, trigger denial-of-service attacks, and compromise user privacy. WebKit, in particular, had flaws enabling fingerprinting and address bar spoofing. Apple addressed these issues with enhanced access controls, improved memory management, and redaction of sensitive information to better protect user privacy and prevent such attacks.
The latest software updates address vulnerabilities across a range of Apple devices, including iPhones, iPads, Macs, Apple TVs, the Vision Pro headset, and the Apple Watch. Users of iPhones (iPhone XS and later) and various iPad models are advised to update to iOS 18.3 or iPadOS 18.3. Mac users with macOS Sequoia should upgrade to version 15.3, while Apple Watch users need to install watchOS 11.3 to mitigate these risks. The updates also fix five security flaws in AirPlay, preventing potential system crashes or arbitrary code execution. Additionally, the Google Threat Analysis Group helped identify three vulnerabilities in the CoreAudio component.
