Apple has issued critical security updates for iOS and iPadOS, addressing nearly 30 vulnerabilities — including flaws that could leak sensitive information or allow attackers to spoof trusted websites in the browser.

These updates, now available as iOS 18.6 and iPadOS 18.6, are especially important given that most of the patched vulnerabilities stem from WebKit, Apple’s browser engine that powers Safari and renders web content across many iOS and iPadOS apps.

Who Should Update

Apple recommends users of the following devices install the update as soon as possible:

• iPhone XS and newer
• iPad Pro 13-inch, iPad Pro 12.9-inch (3rd gen+), iPad Pro 11-inch (1st gen+)
• iPad Air (3rd gen and later)
• iPad (7th gen and later)
• iPad mini (5th gen and later)

To ensure your device is up to date, navigate to Settings > General > Software Update. Make sure you’re running iOS 18.6 or iPadOS 18.6. It’s also a good time to enable Automatic Updates if you haven’t already.

In addition to iOS and iPadOS, Apple also released patches for:

• macOS Sequoia 15.6
• macOS Sonoma 14.7.7
• macOS Ventura 13.7.7
• watchOS 11.6
• tvOS 18.6

Key Vulnerabilities Patched

Among the 29 vulnerabilities addressed, here are some of the most noteworthy:

• CVE-2025-31229: A logic flaw in VoiceOver could cause your passcode to be read aloud, potentially exposing sensitive credentials.
• CVE-2025-43217: Some devices may fail to show privacy indicators when the camera or microphone is in use, leaving users unaware of ongoing data access.
• CVE-2025-43227: Visiting a malicious site could leak sensitive information such as cookies, authentication tokens, browsing history, or other private browser data.
• CVE-2025-43228: A spoofing vulnerability could let attackers fake the address bar, displaying a trusted domain while the user is actually on a malicious site. This makes phishing attacks harder to detect and far more convincing.

Why This Matters

As browser-based threats and phishing attacks become more sophisticated, these kinds of vulnerabilities — especially those affecting how users perceive website trustworthiness — represent serious risks to user security and privacy.

With attackers constantly innovating, keeping your devices up to date is one of the most effective ways to stay protected.

Final Tip: If your organization manages mobile devices, consider enforcing mobile OS version compliance via MDM and performing regular vulnerability assessments to detect unpatched devices in your fleet.

Source: https://www.malwarebytes.com/blog/news/2025/07/apple-patches-multiple-vulnerabilities-in-ios-and-ipados-update-now