We know it’s Friday, but we have one more thing for your to-do list: Update your Apple devices. Apple on Monday released a slew of updates for devices new and old, and even if you’re not getting any new features, there are tons of security patches waiting to make your systems safer.
In all, Apple shipped nine OS updates and one update to GarageBand. The most pressing issue is a zero-day flaw in CoreMedia that has been exploited in the wild. The issue, which was patched in iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, and visionOS 2.3, could allow a malicious app to access “privileged parts of the system.”
But while that’s the most immediate threat to your device, it’s not the only reason to go mash that Update button. In all, there are dozens of security fixes to patch vulnerabilities across all corners of the system. Here are just some of the important security updates waiting for your device:
AirPlay
- Available for: iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, visionOS 2.3
- Impact: An attacker in a privileged position may be able to perform a denial-of-service
- Description: The issue was addressed with improved memory handling.
- CVE-2025-24131: Uri Katz (Oligo Security)
Kernel
- Available for: iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3
- Impact: A malicious app may be able to gain root privileges
- Description: A permissions issue was addressed with additional restrictions.
- CVE-2025-24107: an anonymous researcher
LaunchServices
- Available for: iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3
- Impact: An app may be able to fingerprint the user
- Description: This issue was addressed with improved redaction of sensitive information.
- CVE-2025-24117: Michael (Biscuit) Thomas (@[email protected])
SceneKit
- Available for: iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, watchOS 11.3, tvOS 18.3, visionOS 2.3
- Impact: Parsing a file may lead to disclosure of user information
- Description: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2025-24149: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
WebKit
- Available for: iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, watchOS 11.3, tvOS 18.3, visionOS 2.3
- Impact: Processing web content may lead to a denial-of-service
- Description: The issue was addressed with improved memory handling.
- WebKit Bugzilla: 283889
- CVE-2025-24158: Q1IQ (@q1iqF) of NUS CuriOSity and P1umer (@p1umer) of Imperial Global Singapore
WebKit
- Available for: iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, watchOS 11.3, tvOS 18.3, visionOS 2.3
- Impact: Processing maliciously crafted web content may lead to an unexpected process crash
- Description: This issue was addressed through improved state management.
- WebKit Bugzilla: 284159
- CVE-2025-24162: linjy of HKUS3Lab and chluo of WHUSecLab
To update your devices, open the Settings app (or System Settings on a Mac), then General and Software Update.
