Introduction

Apple released the iOS 18.5 security update, addressing multiple critical vulnerabilities in its iOS and macOS platforms. These vulnerabilities could be exploited by attackers to execute arbitrary code, compromise user privacy, and affect system stability.

Analysis

The main vulnerabilities patched in iOS 18.5, along with their CVE identifiers and CVSS scores, are detailed below:

• CVE-2025-31251 (CVSS 7.8): AppleJPEG: Vulnerability allowing arbitrary code execution when processing manipulated multimedia files.
• CVE-2025-31239 (CVSS 7.5): CoreMedia: Use-after-free vulnerability that can cause unexpected application termination.
• CVE-2025-31233 (CVSS 7.5): CoreMedia: Similar vulnerability affecting video file processing, allowing arbitrary code execution.
• CVE-2025-31208 (CVSS 7.5): CoreAudio: File parsing issue potentially causing unexpected application termination.
• CVE-2025-31209 (CVSS 7.5): CoreGraphics: Out-of-bounds read in file parsing that may disclose sensitive information.
• CVE-2025-31222 (CVSS 7.0): mDNSResponder: Privilege escalation vulnerability through manipulation of network services.
• CVE-2025-31214 (CVSS 7.0): Baseband: State management vulnerability allowing network traffic interception on iPhone 16e devices.
• CVE-2025-31225 (CVSS 6.5): Call History: Exposure of call history from deleted applications in Spotlight search results.
• CVE-2025-31212 (CVSS 6.5): Core Bluetooth: Unauthorized access to sensitive data by apps due to improper state management.
• CVE-2025-31219 (CVSS 6.4): FaceTime: Vulnerability in microphone muting functionality potentially allowing unintended audio transmission.

Affected Resources

The following Apple device versions are affected by these vulnerabilities:

• iPhone: Models from iPhone XS onwards.
• iPad: Models from iPad 7th generation, iPad Air 3rd generation, iPad mini 5th generation, and all versions of iPad Pro.
• macOS: Affected versions include macOS Ventura 13.6.8, macOS Sonoma 14.6, and earlier versions.
• watchOS and tvOS: Affected versions include watchOS 10.6 and tvOS 17.6.

Additionally, a vulnerability in the Baseband component (CVE-2025-31214) has been identified exclusively affecting iPhone 16e devices, allowing network traffic interception from a privileged network position.

Recommendations

Users should update their devices to iOS 18.5, iPadOS 18.5, or corresponding macOS, watchOS, and tvOS versions.

References

• https://www.securityweek.com/apple-patches-major-security-flaws-in-ios-macos-platforms/
• https://support.apple.com/en-us/122404
• https://securityaffairs.com/177748/security/apple-released-security-updates-to-fix-multiple-flaws-in-ios-and-macos.html