Update Your iPhone Now: iOS 18.1 Includes More Than 25 Security Fixes

In a support document, Apple has listed more than 25 security fixes that are included in this week's iOS 18.1 and iPadOS 18.1 updates for the iPhone and iPad. We recommend updating your device soon in order to keep yourself protected.

iOS 18
To update your iPhone or iPad, open the Settings app and tap General → Software Update.

The full security notes for iOS 18.1 and iPadOS 18.1:

Accessibility
Available for: iPhone XS and later

Impact: An attacker with physical access to a locked device may be able to view sensitive user information

Description: The issue was addressed with improved authentication.

CVE-2024-44274: Rizki Maulana (rmrizki.my.id), Matthew Butler, Jake Derouin

App Support
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: A malicious app may be able to run arbitrary shortcuts without user consent

Description: A path handling issue was addressed with improved logic.

CVE-2024-44255: an anonymous researcher

CoreMedia Playback
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: A malicious app may be able to access private information

Description: This issue was addressed with improved handling of symlinks.

CVE-2024-44273: pattern-f (@pattern_F_), Hikerell of Loadshine Lab

CoreText
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted font may result in the disclosure of process memory

Description: The issue was addressed with improved checks.

CVE-2024-44240: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

CVE-2024-44302: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

Foundation
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Parsing a file may lead to disclosure of user information

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2024-44282: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

ImageIO
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Processing an image may result in disclosure of process memory

Description: This issue was addressed with improved checks.

CVE-2024-44215: Junsung Lee working with Trend Micro Zero Day Initiative

ImageIO
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted message may lead to a denial-of-service

Description: The issue was addressed with improved bounds checks.

CVE-2024-44297: Jex Amro

IOSurface
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to cause unexpected system termination or corrupt kernel memory

Description: A use-after-free issue was addressed with improved memory management.

CVE-2024-44285: an anonymous researcher

iTunes
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: A remote attacker may be able to break out of Web Content sandbox

Description: A custom URL scheme handling issue was addressed with improved input validation.

CVE-2024-40867: Ziyi Zhou (@Shanghai Jiao Tong University), Tianxiao Hou (@Shanghai Jiao Tong University)

Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to leak sensitive kernel state

Description: An information disclosure issue was addressed with improved private data redaction for log entries.

CVE-2024-44239: Mateusz Krzywicki (@krzywix)

Managed Configuration
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Restoring a maliciously crafted backup file may lead to modification of protected system files

Description: This issue was addressed with improved handling of symlinks.

CVE-2024-44258: Hichem Maloufi, Christian Mina, Ismail Amzdak

MobileBackup
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Restoring a maliciously crafted backup file may lead to modification of protected system files

Description: A logic issue was addressed with improved file handling.

CVE-2024-44252: Nimrat Khalsa, Davis Dai, James Gill (@jjtech@infosec.exchange)

Pro Res
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to cause unexpected system termination or corrupt kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2024-44277: an anonymous researcher and Yinyi Wu(@_3ndy1) from Dawn Security Lab of JD.com, Inc.

Safari Downloads
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An attacker may be able to misuse a trust relationship to download malicious content

Description: This issue was addressed through improved state management.

CVE-2024-44259: Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India)

Safari Private Browsing
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Private browsing may leak some browsing history

Description: An information leakage was addressed with additional validation.

CVE-2024-44229: Lucas Di Tomase

SceneKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted file may lead to heap corruption

Description: This issue was addressed with improved checks.

CVE-2024-44218: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

Shortcuts
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access sensitive user data

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2024-44254: Kirin (@Pwnrin)

Shortcuts
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: A malicious app may use shortcuts to access restricted files

Description: A logic issue was addressed with improved checks.

CVE-2024-44269: an anonymous researcher

Siri
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access sensitive user data

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2024-44194: Rodolphe Brunetti (@eisw0lf)

Siri
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An attacker with physical access may be able to access contact photos from the lock screen

Description: This issue was addressed by restricting options offered on a locked device.

CVE-2024-40851: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India, Srijan Poudel

Siri
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access user-sensitive data

Description: A logic issue was addressed with improved state management.

CVE-2024-44263: Kirin (@Pwnrin) and 7feilee

Siri
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: A sandboxed app may be able to access sensitive user data in system logs

Description: An information disclosure issue was addressed with improved private data redaction for log entries.

CVE-2024-44278: Kirin (@Pwnrin)

Spotlight
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An attacker may be able to view restricted content from the lock screen

Description: This issue was addressed through improved state management.

CVE-2024-44251: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India

Spotlight
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An attacker may be able to view restricted content from the lock screen

Description: The issue was addressed with improved checks.

CVE-2024-44235: Rizki Maulana (rmrizki.my.id), Dalibor Milanovic, Richard Hyunho Im (@richeeta) with Route Zero Security

VoiceOver
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An attacker may be able to view restricted content from the lock screen

Description: This issue was addressed by restricting options offered on a locked device.

CVE-2024-44261: Braylon (@softwarescool)

WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: The issue was addressed with improved checks.

WebKit Bugzilla: 278765

CVE-2024-44296: Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India)

WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: A memory corruption issue was addressed with improved input validation.

WebKit Bugzilla: 279780

CVE-2024-44244: an anonymous researcher, Q1IQ (@q1iqF) and P1umer (@p1umer)

Popular Stories

iCloud General Feature Redux

iPhone Users Who Pay for iCloud Storage Receive an All-New Perk

Thursday February 6, 2025 11:21 am PST by
If you pay for iCloud storage on your iPhone, Apple has a new perk for you, at no additional cost. iCloud+ is the official name for Apple's paid iCloud storage plans, which range from 50GB for $0.99 per month to 12TB for $59.99 per month in the United States. iCloud+ plans already come with multiple perks for free, such as Hide My Email and HomeKit Secure Video, and now there is another one...
2007 iPhone

Apple Discontinuing This 18-Year-Old iPhone Feature

Saturday February 8, 2025 3:51 pm PST by
The end of an 18-year era is on the horizon for the iPhone. Apple reportedly plans to announce a new iPhone SE as soon as next week, and the device is expected to feature a full-screen design with Face ID, instead of a Touch ID home button. That means Apple will no longer sell any new iPhone models with a home button, for the first time since the original iPhone launched. The home button...
iOS 18

iOS 18.4 Will Include These New Features for Your iPhone

Wednesday February 5, 2025 7:15 am PST by
iOS 18.3 was released last month, so the first iOS 18.4 beta should be coming soon. iOS 18.4 is expected to be a more substantial update for the iPhone, with several new features and changes related to Apple Intelligence and beyond. Apple's website suggests that iOS 18.4 will be released in April, following beta testing. Below, we outline what to expect from the update so far. Apple...
iPhone SE 4 Single Camera Thumb

iPhone SE 4 Launching as Soon as Next Week

Thursday February 6, 2025 3:30 pm PST by
Apple's next-generation iPhone SE could debut as soon as next week with a launch to follow later in February, reports Bloomberg's Mark Gurman. Apple isn't expected to hold an event for the iPhone SE 4, and will instead unveil the device through a press release. The iPhone SE 4 is expected to have an iPhone 14-style design, with Apple eliminating the thick bezels and Touch ID Home button of...
iCloud General Feature Redux

Apple Ordered by UK to Create Global iCloud Encryption Backdoor

Friday February 7, 2025 2:37 am PST by
The British government has secretly demanded that Apple give it blanket access to all encrypted user content uploaded to the cloud, reports The Washington Post. The undisclosed order is said to have been issued last month, and requires that Apple creates a back door that allows UK security officials unencumbered access to encrypted user data worldwide – an unprecedented demand not before...
iOS 18

iOS 18.3.1 Update Coming Soon for iPhones

Thursday February 6, 2025 7:31 am PST by
Apple is internally testing iOS 18.3.1 for iPhones, according to our website's analytics logs, which have been a consistently reliable indicator of upcoming iOS versions. The software update should be released within the next few weeks. iOS 18.3.1 should be a minor update that addresses software bugs and/or security vulnerabilities. Apple Intelligence notification summaries for news and...
Apple Leak Feature

Apple Leaker Issues Apology: 'Profound and Expensive Mistake'

Friday February 7, 2025 9:21 am PST by
Last year, we reported that Apple sued its former software engineer Andrew Aude for providing journalists with confidential information about the company's future plans, including details about the Journal app, Vision Pro headset, and more. As reported by 9to5Mac, the Superior Court of Santa Clara County on Thursday dismissed the lawsuit after Apple and Aude reached an agreement to resolve...
imac video apple feature

Apple to Announce New Products Next Week

Saturday February 8, 2025 10:55 am PST by
Apple has yet to release any new devices in 2025, but at least two new products are expected to be announced next week, according to rumors. Below, we outline the new Apple products that are likely to be unveiled next week. iPhone SE 4 Apple plans to announce the long-rumored iPhone SE 4 as soon as next week, according to Bloomberg's Mark Gurman. The new iPhone SE is rumored to...