Apple’s long-awaited iOS 18 refresh landed Monday with fixes for at least 33 security vulnerabilities that expose iPhones and iPads to an assortment of malicious hacker attacks.
According to a bulletin from Cupertino, iOS 18 has been fitted with fixes for vulnerabilities in core components including accessibility features, Bluetooth, Control Center, and Wi-Fi, with several flaws allowing unauthorized access to sensitive data or full device control.
The company called attention to several problems in the Accessibility component that allow attackers with physical access to devices to use Siri to access sensitive user data, control nearby devices, or view recent photos without authentication.
Apple also documented a serious bug in the Control Center that could be exploited to allow a mobile app to record the screen without displaying an indicator.
The iOS 18 rollout also fixes a Core Bluetooth flaw that allows a malicious Bluetooth input device to bypass device pairing; a kernel vulnerability that leaks network traffic outside a VPN tunnel; a WiFi bug that allows an attacker to force a device to disconnect from a secure network; and a multiple Safari Private Browsing and sandbox bypasses.
The company did not mark any of the iOS 18 vulnerabilities in the already-exploited category.
Apple also pushed out macOS Sequoia 15 with a massive batch of patches for security defects across various components of the operating system.
The company documented multiple critical macOS vulnerabilities that could allow unauthorized access to sensitive user data, privilege escalation, system modification, and unexpected application crashes.
Related: Apple Suddenly Drops NSO Group Spyware Lawsuit
Related: Apple Blunts Zero-Day Attacks With iOS 17.4 Update
Related: Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation