iOS 26.1 and iPadOS 26.1 bring multiple critical security fixes

🕒︎ 2025-11-04

Copyright 9to5Mac

Accessibility
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to identify what other apps a user has installed
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43442: Zhongcheng Li from IES Red Team of ByteDance

Apple Account
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A malicious app may be able to take a screenshot of sensitive information in embedded views
Description: A privacy issue was addressed with improved checks.
CVE-2025-43455: Ron Masas of BreakPoint.SH, Pinak Oza

Apple Neural Engine
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination or corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2025-43447: an anonymous researcher
CVE-2025-43462: an anonymous researcher

Apple TV Remote
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A malicious app may be able to track users between installs
Description: The issue was addressed with improved handling of caches.
CVE-2025-43449: Rosyna Keller of Totally Not Malicious Software

AppleMobileFileIntegrity
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access protected user data
Description: This issue was addressed with improved validation of symlinks.
CVE-2025-43379: Gergely Kalman (@gergely_kalman)

Assets
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved entitlements.
CVE-2025-43407: JZ

Audio
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging
Description: A logging issue was addressed with improved data redaction.
CVE-2025-43423: Duy Trần (@khanhduytran0)

Camera
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to learn information about the current camera view before being granted camera access
Description: A logic issue was addressed with improved checks.
CVE-2025-43450: Dennis Briner

CloudKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved validation of symlinks.
CVE-2025-43448: Hikerell (Loadshine Lab)

Contacts
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2025-43426: Wojciech Regula of SecuRing (wojciechregula.blog)

Control Center
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An attacker may be able to view restricted content from the lock screen
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43350: Lukaah Marlowe

CoreServices
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to enumerate a user’s installed apps
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43436: Zhongcheng Li from IES Red Team of ByteDance

CoreText
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2025-43445: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

FileProvider
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state management.
CVE-2025-43498: pattern-f (@pattern_F_)

Find My
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to fingerprint the user
Description: A privacy issue was addressed by moving sensitive data.
CVE-2025-43507: iisBuri

Installer
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to fingerprint the user
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-43444: Zhongcheng Li from IES Red Team of ByteDance

Kernel
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2025-43398: Cristian Dinca (icmd.tech)

libxpc
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A sandboxed app may be able to observe system-wide network connections
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2025-43413: Dave G. and Alex Radocea of supernetworks.org

Mail Drafts
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Remote content may be loaded even when the ‘Load Remote Images’ setting is turned off
Description: The issue was addressed by adding additional logic.
CVE-2025-43496: Romain Lebesle, Himanshu Bharti @Xpl0itme From Khatima

MallocStackLogging
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.
CVE-2025-43294: Gergely Kalman (@gergely_kalman)

Model I/O
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2025-43386: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
CVE-2025-43385: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
CVE-2025-43384: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
CVE-2025-43383: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

Multi-Touch
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A malicious HID device may cause an unexpected process crash
Description: The issue was addressed with improved bounds checks.
CVE-2025-43424: Google Threat Analysis Group

Notes
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed by removing the vulnerable code.
CVE-2025-43389: Kirin (@Pwnrin)

On-device Intelligence
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to fingerprint the user
Description: A privacy issue was addressed by removing sensitive data.
CVE-2025-43439: Zhongcheng Li from IES Red Team of ByteDance

Photos
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2025-43391: Asaf Cohen

Safari
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved checks.
CVE-2025-43493: @RenwaX23

Safari
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Visiting a malicious website may lead to user interface spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
CVE-2025-43503: @RenwaX23

Safari
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to bypass certain Privacy preferences
Description: A privacy issue was addressed by removing sensitive data.
CVE-2025-43502: an anonymous researcher

Sandbox Profiles
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved handling of user preferences.
CVE-2025-43500: Stanislav Jelezoglo

Siri
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A device may persistently fail to lock
Description: This issue was addressed through improved state management.
CVE-2025-43454: Joshua Thomas

Status Bar
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An attacker with physical access to a locked device may be able to view sensitive user information
Description: A logic issue was addressed with improved checks.
CVE-2025-43460: Isaiah Wan

Stolen Device Protection
Available for: iPhone 11 and later
Impact: An attacker with physical access to a device may be able to disable Stolen Device Protection
Description: The issue was addressed by adding additional logic.
CVE-2025-43422: Will Caine

Text Input
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Keyboard suggestions may display sensitive information on the lock screen
Description: This issue was addressed by restricting options offered on a locked device.
CVE-2025-43452: Thomas Salomon, Sufiyan Gouri (TU Darmstadt), Phil Scott (@MrPeriPeri) & Richard Hyunho Im (@richeeta), Mark Bowers, Joey Hewitt, Dylan Rollins, Arthur Baudoin, an anonymous researcher, Andr.Ess

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A malicious website may exfiltrate data cross-origin
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 276208
CVE-2025-43480: Aleksejs Popovs

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 296693
CVE-2025-43458: Phil Beauvoir
WebKit Bugzilla: 298196
CVE-2025-43430: Google Big Sleep
WebKit Bugzilla: 298628
CVE-2025-43427: Gary Kwong, rheza (@ginggilBesel)

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed with improved checks.
WebKit Bugzilla: 299843
CVE-2025-43443: an anonymous researcher

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 298496
CVE-2025-43441: rheza (@ginggilBesel)
WebKit Bugzilla: 299391
CVE-2025-43435: Justin Cohen of Google
WebKit Bugzilla: 298851
CVE-2025-43425: an anonymous researcher

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed with improved checks.
WebKit Bugzilla: 298126
CVE-2025-43440: Nan Wang (@eternalsakura13)

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 297662
CVE-2025-43438: shandikri working with Trend Micro Zero Day Initiative
WebKit Bugzilla: 298606
CVE-2025-43457: Gary Kwong, Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative
WebKit Bugzilla: 297958
CVE-2025-43434: Google Big Sleep

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to monitor keystrokes without user permission
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 300095
CVE-2025-43495: Lehan Dilusha Jayasinghe

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to memory corruption
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 298093
CVE-2025-43433: Google Big Sleep
WebKit Bugzilla: 298194
CVE-2025-43431: Google Big Sleep

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 299313
CVE-2025-43432: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A buffer overflow was addressed with improved bounds checking.
WebKit Bugzilla: 298232
CVE-2025-43429: Google Big Sleep

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: Multiple issues were addressed by disabling array allocation sinking.
WebKit Bugzilla: 300718
CVE-2025-43421: Nan Wang (@eternalsakura13)

WebKit Canvas
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A website may exfiltrate image data cross-origin
Description: The issue was addressed with improved handling of caches.
WebKit Bugzilla: 297566
CVE-2025-43392: Tom Van Goethem
