January 29, 2025, update: More information about the repairs included with iOS 18.3 and features like auto-enabled Apple Intelligence, as well as more expert analysis on the update, are now included in this story, which was first published on January 27.
Apple has released iOS 18.3 and advised users to update their iPhones immediately. This is due to the fact that iOS 18.3 addresses a long number of 29 vulnerabilities, one of which has already been exploited.
In order to give users as much time as possible to upgrade before hackers can obtain the information, Apple doesn’t provide a lot of information about the problems that iOS 18.3 fixes.
However, the CoreMedia weakness identified as CVE-2025-24085, which was already exploited and fixed in iOS 18.3, might allow a malicious application to elevate privileges.
According to the iPhone manufacturer’s support page, Apple is aware of a report that suggests this problem may have been actively exploited against iOS versions prior to iOS 17.2.
What iOS 18.3 Has Fixed
Two problems in the kernel, which is the core of the iOS operating system, are also fixed in Apple’s iOS 18.3. The first vulnerability, identified as CVE-2025-24107, might allow malicious software to obtain root capabilities. The second problem, meanwhile, might let an application run code with kernel privileges.
A number of bugs in WebKit, the engine that powers the Safari browser, have been fixed in the iOS 18.3 update. Command injection, in which a malevolent hacker deceives an application into executing operating system commands, could result from a defect in WebKit Web Inspector.
A remote attacker may be able to cause an unexpected program termination or code execution due to a bug in AirPlay that has been identified as CVE-2025-24137.
Another flaw in Passkeys could allow an opponent to use Bluetooth without authorization by using an app.
Apple Releases Mac Updates in Addition to iOS 18.3
Apple has released macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, watchOS 11.3, tvOS 18.3, visionOS 2.3 for its Apple Vision Pro headset, and Safari 18.3 in addition to iOS 18.3, iPadOS 18.3, and iPadOS 17.7.4. These updates address many of the same problems, including the already-exploited weakness.
Reasons to Update to iOS 18.3 Right Away
Apple has released iOS 18.3 alongside iPadOS 17.7.4, but there is no iOS 17.7.4 update yet. This could be due to iOS 17 not being affected, or Apple no longer offering the update to newer devices. Sean Wright, head of application security at Featurespace, recommends iOS users update to iOS 18.3 for increased security.
Wright warns that the most concerning vulnerabilities in iOS 18.3 are the kernel flaws, which could allow an attacker to gain full device control. These issues could be chained with other vulnerabilities, like CVE-2025-24150, enabling remote attacks. Other vulnerabilities addressed in iOS 18.3 are denial of service or privacy-related.
The CoreMedia flaw could have been exploited in previous iOS versions, highlighting the need for iOS 18 updates. However, the vulnerabilities are difficult to exploit, making the risk to most users low. Wright warns that it’s crucial to update to iOS 18, as there are no fixes in older versions.
The iOS 18.3 release includes bug fixes for critical services like Accessibility, AirPlay, CoreMedia, Kernel, Passkeys, Safari, and Webkit. These fixes prevent locked apps from bypassing, block memory corruption, and prevent multiple denial-of-service attacks, enhancing web browsing security.
Covington advises iPhone users and organizations to install security updates quickly, especially iOS 18.3. Apple has automatically enabled AI for iPhone 15s and above, so users should check settings and disable features if desired. While Apple Intelligence is privacy-preserving, it’s worth considering.
Apple has enhanced its AI offerings, incorporating updates to Siri voice assistant that utilize OpenAI’s ChatGPT. Data is processed on devices and sent to Apple’s Private Cloud Compute for resource-heavy requests, with permission required before sending data. OpenAI’s less stringent privacy policy applies.
Apple’s iOS 18.3 is now available for various devices, including iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch, iPad Pro 11-inch, iPad Air, iPad 7th generation, and iPad mini 5th generation. Upgrading to iOS 18.3 is crucial as it fixes an issue exploited in real-life attacks, ensuring iPhone safety.
