iOS 18.3—Update Now Warning Issued To All iPhone Users – Forbes
Apple’s iOS 18.3 fixes a hefty list of 29 vulnerabilities, one of which has already been used in … [+] attacks.Update, Jan. 29, 2025: This story, originally published Jan. 27, now includes more details of the fixes issued alongside iOS 18.3 and features such as auto-enabled Apple Intelligence, as well as additional expert analysis on the update.Apple has issued iOS 18.3, along with a warning to update your iPhone now. That’s because iOS 18.3 fixes a hefty list of 29 vulnerabilities, one of which has already been used in attacks.Apple doesn’t give much detail about the issues fixed in iOS 18.3, because it wants to give people as much time to update as possible before attackers can get hold of the details.But the already exploited issue patched in iOS 18.3 is a flaw in CoreMedia tracked as CVE-2025-24085 that could see a malicious application able to elevate privileges.Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2, the iPhone maker said on its support page.Apple’s iOS 18.3 also fixes two bugs in the Kernel at the heart of the iOS operating system. Tracked as CVE-2025-24107, the first flaw could see a malicious app able to gain root privileges. Meanwhile, the second issue could allow an app to execute code with Kernel privileges.The iOS 18.3 update patches several flaws in WebKit, the engine that underpins the Safari browser. A bug in WebKit Web Inspector could lead to command injection — where a malicious hacker tricks an application into executing operating system commands.Meanwhile, an issue in AirPlay tracked as CVE-2025-24137 could allow a remote attacker to cause an unexpected application termination or code execution.Another bug in Passkeys could see an adversary use an app to gain unauthorized access to Bluetooth.Alongside iOS 18.3, iPadOS 18.3 and iPadOS 17.7.4, Apple has issued macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, watchOS 11.3, tvOS 18.3, visionOS 2.3 for its Apple Vision Pro headset and Safari 18.3, fixing many of the same issues — including the already-exploited flaw.Apple released iOS 18.3 alongside iPadOS 17.7.4, but there is no iOS 17.7.4 update yet. This could be because iOS 17 is not affected, or because Apple is no longer offering the update to newer devices, or the details aren’t available yet.But at least for now, the lack of available iOS 17 updates means you will be more secure if you update to iOS 18.The iOS 18.3 upgrade contains “several important security-related fixes,” says Sean Wright, head of application security at Featurespace. Taking this into account, he highly recommends that iOS users update “as soon as they can.”Wright thinks the most concerning of the vulnerabilities fixed in iOS 18.3 are the Kernel flaws, which he warns “could allow an attacker the ability to gain full control of a device.”The Kernel issues patched in iOS 18.3 could be chained with some of the other vulnerabilities, specifically CVE-2025-24150, to enable an attacker to do this remotely, Wright warns.Many of the other vulnerabilities addressed in iOS 18.3 appear to be denial of service or privacy-related, such as those allowing an attacker the ability to fingerprint a user or device, Wright says.It’s also worth noting that the CoreMedia flaw could have been exploited in previous versions of iOS predating iOS 18, says Wright, “This highlights the importance of moving onto iOS 18 now, as it appears that there are no fixes in the older versions of iOS,” he warns.However, Wright thinks there’s one silver lining — the vulnerabilities appear to be difficult to exploit. “As a result, the risk to most users should be low, but it is still important to update when you can.”The bug fixes in the iOS 18.3 release span “a wide number of critical services,” including Accessibility, AirPlay, CoreMedia, Kernel, Passkeys, Safari and Webkit, says Michael Covington, VP of strategy at security outfit Jamf.A close reading of the release notes provides some insight into the threat vectors that could potentially compromise iOS, he says. “In this particular release, we saw patches that prevent locked apps from being bypassed, that block attackers on local networks from corrupting memory, that prevent multiple flavors of denial-of-service attacks — and other fixes that are designed to provide a more secure web browsing experience.”Covington advises users and organizations that rely on iPhones “to install security updates as quickly as possible.”And iOS 18.3 “is no exception,” he says. “Staying up to date with the latest patches is one of the most effective ways to safeguard devices against attackers and ensure you stay protected.”When you do upgrade to iOS 18.3, note that Apple has automatically enabled AI for iPhone 15s and above, so check your settings and disable the features if you want. By its very nature, AI needs data to operate, and while the iPhone maker’s Apple Intelligence offering is privacy-preserving compared to competitors, this is still worth contemplating.Apple applies security and privacy to its AI offering, with data processed on the device when possible and sent to Apple’s secure Private Cloud Compute for more resource-heavy requests.Apple Intelligence now includes updates to the Siri voice assistant that take advantage of the iPhone maker’s partnership with AI giant OpenAI’s ChatGPT. Apple will ask for your permission before sending data to ChatGPT, but when you do use this feature, OpenAI’s less stringent privacy policy applies.Apple’s iOS 18.3 is available for the iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later and iPad mini 5th generation and later.In my mind, upgrading to iOS 18.3 is a no-brainer. The update fixes an issue that’s been exploited in real-life attacks, making it important that you update as soon as possible to keep your iPhone safe.So, what are you waiting for? Go to your iPhone Settings > Software Update and download and install iOS 18.3 now.One Community. Many Voices. Create a free account to share your thoughts. Our community is about connecting people through open and thoughtful conversations. We want our readers to share their views and exchange ideas and facts in a safe space.In order to do so, please follow the posting rules in our site’s Terms of Service. We’ve summarized some of those key rules below. Simply put, keep it civil.Your post will be rejected if we notice that it seems to contain:User accounts will be blocked if we notice or believe that users are engaged in:So, how can you be a power user?Thanks for reading our community guidelines. Please read the full list of posting rules found in our site’s Terms of Service.
