Apple has released iOS 18.5 along with 33 reasons to update now. That\u2019s because the iOS 18.5 upgrade … More comes with a large number of security fixes, some of which are serious.<\/p>\n
Apple iPhone<\/p>\n
Update May 14: This article, originally published May 13, has been updated to include other fixes issued alongside iOS 18.5 including the watchOS flaw being used in attacks, as well as expert analysis.<\/p>\n
Apple has released iOS 18.5 along with 33 reasons to update your iPhone now. That\u2019s because the iOS 18.5 upgrade comes with a large number of security fixes, some of which are for serious flaws.<\/p>\n
Apple doesn\u2019t give away much about what\u2019s fixed in iOS 18.5, to allow as many iPhone users as possible to upgrade before attackers<\/a> can get hold of the details. Among the flaws patched in iOS 18.5 are two in the Kernel at the heart of the iOS operating system, both of which could enable a remote attacker to cause an unexpected app or system termination, according to Apple\u2019s support page<\/a>.<\/p>\n Apple\u2019s iOS 18.5 also fixes multiple bugs in WebKit, the engine that underpins the iPhone maker\u2019s Safari browser. Of these, CVE-2025-24213, reported by the Google V8 Security Team is a type confusion issue that could lead to memory corruption.<\/p>\n ForbesiOS 18\u2014Here\u2019s Why There\u2019s A New Black Dot On Your iPhoneBy Kate O’Flaherty<\/a><\/p>\n Another problem fixed in iOS 18.5 is an issue in Core Bluetooth that could see an app able to access sensitive user data, while a flaw in iCloud document sharing might allow an attacker to turn on sharing of an iCloud folder without authentication. An issue in mDNSResponder tracked as CVE-2025-31222 could enable an adversary to elevate privileges.<\/p>\n Another notable issue patched in iOS 18.5 is, CVE-2024-8176 affecting libexpat \u2014 a code execution vulnerability in open source code, with Apple software among the affected projects.<\/p>\n Apple Issues Multiple Updates Alongside iOS 18.5<\/p>\n Alongside iOS 18.5, Apple issued multiple updates for other devices, including one for a flaw already being exploited in real-life attacks. First things first \u2014 the vulnerability in question is in watchOS, the operating system for Apple\u2019s watch.<\/p>\n Available for the Apple Watch Series 6 and later, watchOS 11.5 patches an issue in the iPhone maker\u2019s CoreAudio, where processing an audio stream in a maliciously crafted media file could result in code execution.<\/p>\n Tracked as CVE-2025-31200, the flaw was reported by Apple and Google Threat Analysis Group \u201cApple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1,\u201d Apple said on its support page.<\/p>\n The more eagled-eyed among you may notice that this watchOS 11.5 flaw has been fixed for Apple\u2019s other devices in an emergency update in between upgrades, iOS 18.4.1<\/a>.<\/p>\n This vulnerability was so serious that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) advised government agencies and high-risk businesses to upgrade urgently, setting a deadline of May 8 to do so. Needless to say, you need to also treat this watchOS 11.5 update as important and apply it to your device now.<\/p>\n Other updates released by Apple on May 12 include iPadOS 17.7.7<\/a>, with fixes for older iPads. Notably, iOS 17.7.7 is not present \u2014 which indicates that the iPhone maker is no longer upgrading iOS 17 with security fixes if your device can run iOS 18.<\/p>\n I had suspected this for some time, since Apple has been issuing iPadOS 17 updates for several months, with no sign of iOS 17 upgrades alongside them. The iPhone maker usually supports an old operating system for a few months after launching the new one in September, but after that, staying on iOS 17 is a security risk for your iPhone.<\/p>\n Apple has also released macOS Sequoia 15.5, macOS Sonoma 14.7.6 and macOS Ventura for Macs, alongside tvOS 18.5 for the Apple TV HD and Apple TV 4K, visionOS 2.5 for the Apple Vision Pro and Safari 18.5 for its browser.<\/p>\n All for the upgrades issued alongside iOS 18.5 include important fixes, so ensure you are applying them as soon as you can.<\/p>\n Apple\u2019s iOS 18.5 Has A Security Focus<\/p>\n Apple\u2019s big point updates are normally feature heavy, but iOS 18.5 has a security focus, experts say. That makes the update all the more important to apply.<\/p>\n Michael Covington, VP of strategy at Jamf recommends users \u201cupdate as quickly as possible,\u201d pointing out that \u201cthe update is smaller and largely focused on security enhancements.\u201d<\/p>\n He highlights some of iOS 18.5\u2019s privacy-related patches, such as CVE-2025-31253 which addresses a bug where the mute button was not effectively disabling the microphone during FaceTime calls.<\/p>\n Meanwhile, iOS 18.5 features improvements to iCloud data protection, with CVE-2025-30448 addressing a scenario where an attacker might be able to turn on iCloud folder sharing without proper authentication, says Covington.<\/p>\n The iOS 18.5 update\u2019s security focus means it should be on the radar of everyday iPhone users and enterprise IT teams. The fact that none of the iOS 18.5 flaws have been used in real attacks is an opportunity to get one step ahead of adversaries, Covington advises.<\/p>\n In fact, he says now is \u201cthe perfect time to patch all supported devices.\u201d<\/p>\n \u201cUsers and IT teams can celebrate that this release provides a window of opportunity to get ahead of attackers \u2014 it appears that none of the vulnerabilities addressed in iOS 18.5 have yet to be exploited in the wild.\u201d<\/p>\n Why You Should Update Now To iOS 18.5<\/p>\n Apple\u2019s iOS 18.5 is a major point upgrade including over 30 important security fixes as well as enhanced AI privacy<\/a>, updates to the Mail app and a new Pride Harmony wallpaper. It also addresses bugs<\/a> that might have been introduced in the latest iPhone update iOS 18.4.1<\/a>. This all makes the iOS 18.5 update worth applying as soon as possible.<\/p>\n None of the bugs squashed in iOS 18.5 have been exploited in real-life attacks yet. However, it is only a matter of time before more adversaries get hold of the details to perform attacks on people\u2019s iPhones.<\/p>\n