Apple has rolled out iOS 18.2 and iPadOS 18.2 updates, providing critical security fixes for its devices, including iPhone XS and later models, as well as various iPad Pro, iPad Air, iPad, and iPad mini generations.

According to Apple, these updates address a series of vulnerabilities, some of which could potentially expose users to significant risks.

The tech giant refrains from disclosing details of vulnerabilities until investigations are completed and patches are made available. Here is a breakdown of the key issues addressed in the latest update:

Data Privacy Risks Multiple vulnerabilities were patched in AppleMobileFileIntegrity, which could have allowed malicious applications to access sensitive information. As per the company, researchers Mickey Jin and Arsenii Kostromin, along with others, identified these flaws, highlighting potential risks to user privacy.

Similarly, a permissions issue in Crash Reporter was rectified, ensuring apps cannot access sensitive user data without proper authorisation.

Kernel Security Enhancements Several kernel-related vulnerabilities were addressed. One issue, identified by Joseph Ravichandran, involved a race condition that could lead to the leakage of sensitive kernel states. Another kernel flaw could potentially allow attackers to corrupt memory or cause unexpected system terminations. These vulnerabilities have been fixed with improved validation and memory handling mechanisms.

WebKit and Image Handling Issues WebKit, the engine powering Apple’s Safari browser, was a focus of this update. Researchers uncovered multiple flaws in processing maliciously crafted web content, which could result in memory corruption or process crashes. Apple resolved these issues with enhanced memory handling and better checks.

In addition, vulnerabilities in ImageIO and FontParser were patched to prevent the disclosure of process memory when handling maliciously crafted images or fonts.

Application Privilege Management Issues in libxpc allowed applications to either escape sandbox restrictions or gain elevated privileges, posing significant risks to device security. Apple implemented logic checks to mitigate these threats.

Miscellaneous Fixes The update also addressed a Safari issue where adding websites to the Reading List while using Private Relay could reveal the user’s originating IP address. Additionally, improvements to VoiceOver ensure that attackers with physical access to a device cannot view notification content from the lock screen.