Apple has released urgent updates to fix Apple security flaws that could let hackers take over devices just by opening an image, video, or web link.
The new iOS 18.5 update addresses critical issues in AppleJPEG and CoreMedia. These bugs allowed attackers to create malicious media files that could run harmful code with app-level access.
Apple also fixed serious file-handling issues in CoreAudio, CoreGraphics, and ImageIO. If a user opened a booby-trapped file, it could crash apps or leak private data.
In Safari, at least nine WebKit flaws have been patched. Some bugs let dangerous websites crash the browser or run code behind the scenes.
A FaceTime bug was also resolved. Before this fix, audio could continue to transmit even after the user hit the mute button. Apple warns this flaw risked private conversations being overheard.
The company added deeper protection to the system’s core. It fixed two memory issues in the kernel and patched a libexpat bug (CVE-2024-8176) that affects many apps.
Other key updates include:
- A Baseband bug (CVE-2025-31214) that could let attackers intercept traffic on iPhone 16e.
- A privilege escalation flaw in mDNSResponder (CVE-2025-31222).
- A bug in Notes that showed private content from a locked screen.
- Fixes in FrontBoard, iCloud Document Sharing, and Mail Addressing.
So far, Apple says none of the bugs have been used in real-world attacks. Still, the company urges users to update quickly.
The iOS 18.5 update works on iPhone XS and later. The new iPadOS version supports iPad Pro (2018+), iPad Air 3, iPad 7, iPad mini 5, and newer models.
Updates are also available for macOS Sequoia, Sonoma, and Ventura, plus watchOS, tvOS, and visionOS.
These fixes target major Apple security flaws that could silently expose user data. Keeping devices up to date is now more important than ever.
