Home / mailings APPLE-SA-12-12-2025-2 iOS 18.7.3 and iPadOS 18.7.3
Posted on 12 December 2025
Apple Security-announceAPPLE-SA-12-12-2025-2 iOS 18.7.3 and iPadOS 18.7.3
iOS 18.7.3 and iPadOS 18.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125885.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
AppleJPEG
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing a file may lead to memory corruption
Description: The issue was addressed with improved bounds checks.
CVE-2025-43539: Michael Reeves (@IntegralPilot)
Call History
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An attacker may be able to spoof their FaceTime caller ID
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2025-46287: an anonymous researcher, Riley Walz
curl
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Multiple issues in curl
Description: This is a vulnerability in open source code and Apple
Software is among the affected projects. The CVE-ID was assigned by a
third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-7264
CVE-2025-9086
FaceTime
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Password fields may be unintentionally revealed when remotely
controlling a device over FaceTime
Description: This issue was addressed with improved state management.
CVE-2025-43542: Yi=C4=9Fit Ocak
Foundation
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing malicious data may lead to unexpected app termination
Description: A memory corruption issue was addressed with improved
bounds checking.
CVE-2025-43532: Andrew Calvano and Lucas Pinheiro of Meta Product
Security
Icons
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to identify what other apps a user has
installed
Description: A permissions issue was addressed with additional
restrictions.
CVE-2025-46279: Duy Tr=E1=BA=A7n (@khanhduytran0)
Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to elevate privileges
Description: A logic issue was addressed with improved checks.
CVE-2025-43512: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs
Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to gain root privileges
Description: An integer overflow was addressed by adopting 64-bit
timestamps.
CVE-2025-46285: Kaitao Xie and Xiaolong Bai of Alibaba Group
libarchive
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing a file may lead to memory corruption
Description: This is a vulnerability in open source code and Apple
Software is among the affected projects. The CVE-ID was assigned by a
third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-5918
Messages
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: An information disclosure issue was addressed with improved
privacy controls.
CVE-2025-46276: Rosyna Keller of Totally Not Malicious Software
Screen Time
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2025-43538: Iv=C3=A1n Savransky
Settings
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved checks.
CVE-2025-43530: Mickey Jin (@patch1t)
Telephony
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed with additional entitlement
checks.
CVE-2025-46292: Rosyna Keller of Totally Not Malicious Software
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 300774
WebKit Bugzilla: 301338
CVE-2025-43535: Nan Wang (@eternalsakura13), Google Big Sleep
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A type confusion issue was addressed with improved state
handling.
WebKit Bugzilla: 301257
CVE-2025-43541: Hossein Lotfi (@hosselot) of Trend Micro Zero Day
Initiative
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: A buffer overflow issue was addressed with improved memory
handling.
WebKit Bugzilla: 301371
CVE-2025-43501: Hossein Lotfi (@hosselot) of Trend Micro Zero Day
Initiative
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: A use-after-free issue was addressed with improved memory
management.
WebKit Bugzilla: 301726
CVE-2025-43536: Nan Wang (@eternalsakura13)
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an
unexpected process crash
Description: A race condition was addressed with improved state
handling.
WebKit Bugzilla: 301940
CVE-2025-43531: Phil Pizlo of Epic Games
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution. Apple is aware of a report that this issue may have been
exploited in an extremely sophisticated attack against specific targeted
individuals on versions of iOS before iOS 26. CVE-2025-14174 was also
issued in response to this report.
Description: A use-after-free issue was addressed with improved memory
management.
WebKit Bugzilla: 302502
CVE-2025-43529: Google Threat Analysis Group
WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later, iPad 7th generation and later, and
iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to memory
corruption. Apple is aware of a report that this issue may have been
exploited in an extremely sophisticated attack against specific targeted
individuals on versions of iOS before iOS 26. CVE-2025-43529 was also
issued in response to this report.
Description: A memory corruption issue was addressed with improved
validation.
WebKit Bugzilla: 303614
CVE-2025-14174: Apple and Google Threat Analysis Group
Additional recognition
Siri
We would like to acknowledge Richard Hyunho Im (@richeeta) at Route Zero
Security (routezero.security) for their assistance.
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 18.7.3 and iPadOS 18.7.3".
All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
