Apple has rolled out a critical security update in the form of iOS 18.3, urging users to install it immediately to address 29 vulnerabilities, including one that has already been exploited in real-world attacks. The update affects iPhones, iPads, and or Apple devices, patching several serious issues that could expose users to potential security risks.
Vulnerability Exploited in Wild
The most alarming flaw fixed in iOS 18.3 is a vulnerability in CoreMedia, tracked as CVE-2025-24085, which allows a malicious app to elevate its privileges. Apple has confirmed that this flaw has been actively exploited in versions of iOS before iOS 17.2, potentially exposing users to cyberattacks. While Apple has withheld detailed information about flaws to prevent further exploitation, the company strongly advises users to update their devices as soon as possible.
This CoreMedia flaw is not only a critical vulnerability addressed in an update. Apple has also patched two major issues in Kernel, the heart of the iOS operating system. Se flaws tracked as CVE-2025-24107, could allow a malicious app to gain root privileges or execute code with kernel-level access, posing significant risks to device security.
WebKit and AirPlay Flaws
Alongside Kernel and CoreMedia issues, iOS 18.3 fixes several flaws in WebKit, the engine that powers the Safari browser. A bug in WebKit Web Inspector could lead to command injection, where an attacker tricks an application into executing unauthorized operating system commands.
Apple has also addressed a vulnerability in AirPlay (CVE-2025-24137) that could allow remote attackers to cause app crashes or execute arbitrary code. Anor bug in Passkeys could enable adversaries to gain unauthorized access to Bluetooth through malicious applications.
Updates Across the Apple Ecosystem
iOS 18.3 update is part of a broader series of patches for Apple’s ecosystem. Along with iPhone and iPad devices, updates were released for macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, watchOS 11.3, tvOS 18.3, visionOS 2.3 for Apple Vision Pro, and Safari 18.3. Many of the updates address the same vulnerabilities, including exploited flaws in CoreMedia, ensuring that Apple’s entire ecosystem is safeguarded.
Expert Analysis: Why Update is Critical
Michael Covington, Vice President of Strategy at security firm Jamf, emphasized the importance of installing iOS 18.3 promptly. He noted that the update addresses a wide range of critical services, including Accessibility, AirPlay, CoreMedia, Kernel, Passkeys, Safari, and WebKit. According to Covington, the patch prevents multiple attack vectors that could compromise iOS devices, including memory corruption, denial-of-service attacks, and bypassing locked apps.
“It’s essential for both individuals and organizations to install the updates as quickly as possible,” Covington said. “Staying up to date with the latest patches is one of the most effective ways to safeguard devices against attackers and ensure you stay protected.”
AI Feature for iPhone 15 Models
Alongside security fixes, iOS 18.3 introduces new AI features for iPhone 15 models and above. However, Apple has automatically enabled several features, and users can disable m through settings if preferred. This feature marks a significant move toward integrating more advanced artificial intelligence capabilities into Apple’s mobile devices.
Compatibility and Availability
iOS 18.3 is available for a wide range of devices, including iPhone XS and later, iPad Pro (3rd generation and later), iPad Air (3rd generation and later), iPad 7th generation and later, and iPad Mini (5th generation and later). Apple users are strongly encouraged to update their devices to ensure the highest level of security.
Conclusion: A No-Brainer Update
Given the severity of vulnerabilities patched in iOS 18.3, upgrading as soon as possible is crucial for maintaining device security. The update addresses several flaws that have already been exploited in attacks, underscoring the importance of timely updates in defending against cyber threats. Apple users who have not yet updated should do so without delay to protect themselves from potential security breaches.
