iOS 18: Apple provides information on security patches, but not for everyone
There is still no further information from Apple on some of the holes plugged in iOS 18. This has now changed to some extent.
Apple logo and an open lock: It now takes a long time for all the information on security patches to become available.
(Image: Alberto Garcia Guillen/Shutterstock.com)
With the release of iOS 18 in September, Apple patched numerous security vulnerabilities, including serious ones. However, as has often been the case in the past, the accompanying support document with further information on the specific bugs was incomplete. As the Mastodon account @ApplSec, which tracks Apple security vulnerabilities, writes, Apple has provided some background information this week, but still not all of it. Users and security experts had to wait almost half a year for these.
Fifteen additions after half a year
According to @ApplSec, a total of 15 bug entries have been added for iOS 18 and iPadOS 18. These can be recognized by the note that the entry was made on 3 March 2025. The “fresh” bugs include a clickjacking problem with the ability to access the photo library, various WebKit bugs, a system shutdown via the Wi-Fi routine, the ability to interrupt a secure Wi-Fi connection, sandbox outbreaks, bugs in the Passwords app, an unwanted readout of contact data using Siri or a bug in the accessibility framework that allowed attackers to “control” nearby devices (how exactly remains unclear).
Videos by heise
In addition, there are other entries in which Apple only mentions the area in which a bug was present, but no further concrete details besides the respective tipster (“Additional Recognition”). It remains unclear whether and when additional information will be provided. Unfortunately, the company has been pursuing this tactic for a long time. Serious issues such as a possible form of attack on the “Where is?” protocol were also “hidden” here. In addition to the additions, there were also updates to existing entries –. According to the report, there were seven in total.
Not only iOS and iPadOS affected
Apple has also made additions and updates to the information documents for fixes contained in its other operating systems. For macOS 15 there are 14 (four updates), for tvOS 18 a total of seven (one update), for watchOS 11 a total of five (one update) and for visionOS 2 a total of eight additions. iOS and iPadOS 17.7 as well as macOS 13.7 and macOS 14.7 also received updates (one plus one update each for iOS and iPadOS 17.7).
All in all, this is an unpleasant development: users, developers and security experts have to take a close look to see which gaps Apple has plugged. In some cases, information is only passed on late to prevent attacks – but as the bugs in the unpatched versions are “in the wild”, this is not necessarily a smart tactic. However, almost six months without details is unacceptable.
Empfohlener redaktioneller Inhalt
Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.
Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.
(bsc)
