Update

An integrity issue was addressed with Beacon Protection & other Fixes

iOS 18 and iPadOS 18 Security Update
Released September 16, 2024

Accessibility

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An attacker with physical access may be able to use Siri to access sensitive user data
  • Description: This issue was addressed through improved state management.
  • CVE-2024-40840: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India

Accessibility

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to enumerate a user's installed apps
  • Description: This issue was addressed with improved data protection.
  • CVE-2024-40830: Chloe Surett

Accessibility

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features
  • Description: This issue was addressed through improved state management.
  • CVE-2024-44171: Jake Derouin

Accessibility

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An attacker may be able to see recent photos without authentication in Assistive Access
  • Description: This issue was addressed by restricting options offered on a locked device.
  • CVE-2024-40852: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India

Cellular

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: A remote attacker may be able to cause a denial-of-service
  • Description: This issue was addressed through improved state management.
  • CVE-2024-27874: Tuan D. Hoang

Compression

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files
  • Description: A race condition was addressed with improved locking.
  • CVE-2024-27876: Snoolie Keffaber (@0xilis)

Control Center

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to record the screen without an indicator
  • Description: The issue was addressed with improved checks.
  • CVE-2024-27869: an anonymous researcher

Core Bluetooth

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: A malicious Bluetooth input device may bypass pairing
  • Description: This issue was addressed through improved state management.
  • CVE-2024-44124: Daniele Antonioli

FileProvider

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to access sensitive user data
  • Description: This issue was addressed with improved validation of symlinks.
  • CVE-2024-44131: @08Tc3wBB of Jamf

Game Center

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to access user-sensitive data
  • Description: A file access issue was addressed with improved input validation.
  • CVE-2024-40850: Denis Tokarev (@illusionofcha0s)

ImageIO

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: Processing a maliciously crafted file may lead to unexpected app termination
  • Description: An out-of-bounds read issue was addressed with improved input validation.
  • CVE-2024-27880: Junsung Lee

ImageIO

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: Processing an image may lead to a denial-of-service
  • Description: An out-of-bounds access issue was addressed with improved bounds checking.
  • CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro Zero Day Initiative and an anonymous researcher

IOSurfaceAccelerator

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to cause unexpected system termination
  • Description: The issue was addressed with improved memory handling.
  • CVE-2024-44169: Antonio Zekić

Kernel

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: Network traffic may leak outside a VPN tunnel
  • Description: A logic issue was addressed with improved checks.
  • CVE-2024-44165: Andrew Lytvynov

Kernel

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An app may gain unauthorized access to Bluetooth
  • Description: This issue was addressed through improved state management.
  • CVE-2024-44191: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven (@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy Vanhoef

libxml2

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: Processing maliciously crafted web content may lead to an unexpected process crash
  • Description: An integer overflow was addressed through improved input validation.
  • CVE-2024-44198: OSS-Fuzz, Ned Williamson of Google Project Zero

Mail Accounts

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to access information about a user's contacts
  • Description: A privacy issue was addressed with improved private data redaction for log entries.
  • CVE-2024-40791: Rodolphe BRUNETTI (@eisw0lf)

mDNSResponder

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to cause a denial-of-service
  • Description: A logic error was addressed with improved error handling.
  • CVE-2024-44183: Olivier Levon

Model I/O

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: Processing a maliciously crafted image may lead to a denial-of-service
  • Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
  • CVE-2023-5841

NetworkExtension

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An app may gain unauthorized access to Local Network
  • Description: This issue was addressed through improved state management.
  • CVE-2024-44147: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven (@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy Vanhoef

Notes

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to overwrite arbitrary files
  • Description: This issue was addressed by removing the vulnerable code.
  • CVE-2024-44167: ajajfxhj

Printing

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An unencrypted document may be written to a temporary file when using print preview
  • Description: A privacy issue was addressed with improved handling of files.
  • CVE-2024-40826: an anonymous researcher

Safari Private Browsing

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: Private Browsing tabs may be accessed without authentication
  • Description: An authentication issue was addressed with improved state management.
  • CVE-2024-44202: Kenneth Chew

Safari Private Browsing

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: Private Browsing tabs may be accessed without authentication
  • Description: This issue was addressed through improved state management.
  • CVE-2024-44127: Anamika Adhikari

Sandbox

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to leak sensitive user information
  • Description: This issue was addressed with improved data protection.
  • CVE-2024-40863: Csaba Fitzl (@theevilbit) of Offensive Security

Siri

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An attacker with physical access may be able to access contacts from the lock screen
  • Description: The issue was addressed with improved checks.
  • CVE-2024-44139: Srijan Poudel
  • CVE-2024-44180: Bistrit Dahal

Siri

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to access user-sensitive data
  • Description: A privacy issue was addressed by moving sensitive data to a more secure location.
  • CVE-2024-44170: K宝, LFY (@secsys), Smi1e, yulige, Cristian Dinca (icmd.tech), Rodolphe BRUNETTI (@eisw0lf)

Transparency

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An app may be able to access user-sensitive data
  • Description: A permissions issue was addressed with additional restrictions.
  • CVE-2024-44184: Bohdan Stasiuk (@Bohdan_Stasiuk)

UIKit

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An attacker may be able to cause unexpected app termination
  • Description: The issue was addressed with improved bounds checks.
  • CVE-2024-27879: Justin Cohen

WebKit

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: Processing maliciously crafted web content may lead to universal cross site scripting
  • Description: This issue was addressed through improved state management.
  • WebKit Bugzilla: 268724
  • CVE-2024-40857: Ron Masas

WebKit

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: A malicious website may exfiltrate data cross-origin
  • Description: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins.
  • WebKit Bugzilla: 279452
  • CVE-2024-44187: Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India)

Wi-Fi

  • Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Impact: An attacker may be able to force a device to disconnect from a secure network
  • Description: An integrity issue was addressed with Beacon Protection.
  • CVE-2024-40856: Domien Schepers

Version: iOS 18