With the appearance of iOS 18, Apple had plugged numerous, even heavy security gaps in September. The associated Support document With further information, which bugs this was concrete, however, as often often, in the past, it was incomplete. Like the mastodon account @applsec writeswho pursues Apple security gaps, Apple has submitted some backgrounds this week, but still not all. Users and security experts had to wait almost half a year.
Advertisement
Fifteen additions after half a year
According to @applSec, a total of 15 bug entries for iOS 18 and Ipados 18 were supplemented. These can be seen from the indication that the entry was made on March 3, 2025. The “fresh” bugs include a clickjacking problem with access to the photo-mediathek, various web kit bugs, a system shot about the WLAN routine, the possibility to interrupt a secure WLAN connection, sandbox outbreaks, bugs in the password app, an undesirable reading of contact details by siri or an error in Accessibility framework with which attackers could “control” devices nearby (as exactly, remains unclear).
In addition, there are further entries in which Apple only calls the area in which a bug was present, but no further specific details except the respective tipper (“Additional Recognition”). It remains unclear whether and when information is delivered here. Unfortunately, the group has been pursuing this tactic for a long time. Even serious problems such as a possible form of attack on the “Where is?” Protocol were “hidden” here. In addition to the additions, there were also updates of existing entries – according to the report, a total of seven pieces.
Not just iOS and iPados affected
Apple has also made additional fixes contained in its other operating systems on the information documents. At MacOS 15 there are 14 (four updates), a total of seven (one update) for TVOS 18, a total of five (one update) for Watchos 11 and a total of eight additions to Visionos 2. IOS and IPADOS 17.7 as well as MacOS 13.7 and MacOS 14.7 also received updates (one plus an update for iOS and iPados 17.7).
All in all, this is an unsightly development: users, developers and security specialists have to look closely to determine which gaps Apple stuffed. In some cases, information is only passed on to prevent attacks – since the bugs are “in the wild” in the versions that have not yet been patched, this is not necessarily a wise tactic. Almost six months without details are unacceptable.
Discover more from Apple News
Subscribe to get the latest posts sent to your email.