We know it’s Friday, but we have one more thing for your to-do list: Update your Apple devices. On Monday, Apple released a series of updates to devices that are new and old, and even if you don’t get any new features, there are plenty of security fixes waiting to make your systems safer.
In total, Apple sent nine OS updates and an update to the garage band. The most pressing problem is a zero-day error in Coremedia that has been exploited in nature. The problem was patched in iOS 18.3, iPados 18.3, MacOS Sequoia 15.3, Watchos 11.3, TVOS 18.3 and Visionos 2.3, could allow a malicious app to access “privileged parts of the system.”
But even though it’s the most immediate threat to your device, it’s not the only reason to go in that update button. In total, there are dozens of security fixes for patches across all corners of the system. Here are just some of the important security updates waiting for your device:
AirPlay
- Available to: iOS 18.3, iPados 18.3, MacOS Sequoia 15.3, Watchos 11.3, TVOS 18.3, Visionos 2.3
- Impact: An attacker in a privileged position may be able to perform a denial of service
- Description: The problem was treated with improved memory management.
- CVE-2025-24131: URI KATZ (OLIGO SECURITY)
Nuclear
- Available for: iOS 18.3, iPados 18.3, MacOS Sequoia 15.3, Watchos 11.3, tvos 18.3
- EFFECT: A malicious app may get root rights
- Description: A permit problem was dealt with with additional restrictions.
- CVE-2025-24107: An anonymous researcher
Launch services
- Available for: iOS 18.3, iPados 18.3, MacOS Sequoia 15.3, Watchos 11.3, Visionos 2.3
- IMPACT: An app may possibly fingerprint user
- Description: This problem was addressed with improved editorial of sensitive information.
- CVE-2025-24117: Michael (Biscuit) Thomas (@biscuit@social.lol)
Stage kit
- Available to: iOS 18.3, iPados 18.3, MacOS Sequoia 15.3, MacOS Ventura 13.7.3, MacOS Sonoma 14.7.3, Watchos 11.3, tvos 18.3, Visionos 2.3
- Impact: Parsing of a file can lead to the transfer of user information
- Description: A read outside boundaries was treated with improved boundaries control.
- CVE-2025-24149: Michael Deplant (@izobashi) from Trend Micro Zero Day Initiative
Webkit
- Available to: iOS 18.3, iPados 18.3, MacOS Sequoia 15.3, MacOS Ventura 13.7.3, MacOS Sonoma 14.7.3, Watchos 11.3, tvos 18.3, Visionos 2.3
- Impact: Treatment of web content can lead to a rejection of service
- Description: The problem was treated with improved memory management.
- Webkit Bugzilla: 283889
- CVE-2025-24158: Q1IQ (@Q1IQF) by NUS CURIOSITY AND P1UMER (@P1UMER) from Imperial Global Singapore
Webkit
- Available to: iOS 18.3, iPados 18.3, MacOS Sequoia 15.3, MacOS Ventura 13.7.3, MacOS Sonoma 14.7.3, Watchos 11.3, tvos 18.3, Visionos 2.3
- Effect: Treatment of malicious designed web content can lead to an unexpected process accident
- Description: This question was addressed through improved state management.
- Webkit Bugzilla: 284159
- CVE-2025-24162: LINJY OF HKUS3LAB AND CHLUO BY WHOUUCLAB
To update your devices, open app Settings (or System Settings on a Mac) then General and Software update.