Apple announced iOS 18.3, with a warning to install it right away as the new update fixed 29 significant vulnerabilities, including one actively exploited flaw. The technology company is playing on the safety of the users by keeping the issues brief to give time for the installation before the attacker reaps the benefit of the fixes.
The most critical vulnerability, tracked as CVE-2025-24085 is a flaw with CoreMedia, which can enable a malicious app to elevate its privileges. Notably, there were reports from Apple about the exploitation of this flaw in earlier iOS versions, so the company requested an upgrade.
iOS 18.3 addresses two critical Kernel bugs. In one vulnerability, CVE-2025-24107, malicious applications could potentially obtain root privileges. Another involved the capability of code execution with Kernel-level access. These patches improve the core safety of the operating system, mitigating severe threats.
Updates for the Safari WebKit browser fix vulnerabilities that, if exploited by an attacker could lead to injecting commands that in turn enable malicious execution of unintended system commands. Thereby exposing possibly sensitive information associated with users due to potential insecurity and privacy violations.
These same updates are available for other Apple devices that are launched with iOS 18.3. macOS Sequoia 15.3, visionOS 2.3, watchOS 11.3, and tvOS 18.3 all improve security in their respective patches that correct vulnerabilities affecting larger portions of Apple’s platform. These upgrades improve the protections that exist on iPhones, iPads, Macs, Apple Watches, and Apple Vision Pro.
Apple has not communicated about the exploits, but security experts indicate that there have been vulnerabilities discovered in AirPlay and CoreAudio, which have been considered an attack vector under specific conditions because they could trigger system crashes or even execute malicious code.
Apple, therefore, warns all users to install the updates immediately to keep their devices secure from various threats. Already, active exploitation has been reported; hence, an update in time for the security of both data and the device.
To Read More: Technology