iPhone向けのiOSやiPad向けのiPadOSの最新メジャーバージョンとして先ごろよりiOS 18.0とiPadOS 18.0が提供開始され、その後、iOS 18.1およびiPadOS 18.1やiOS 18.2およびiPadOS 18.2、それらにおける重要なセキュリティー修正を行うiOS 18.2.1およびiPadOS 18.2.1がリリースされていましたが、今回、新たに機能の追加や改善などを行うiOS 18.3およびiPadOS 18.3が配信開始されました。iOS 18.3およびiPadOS 18.3の対象機種は以下の通り。

＜iOS 18対応製品＞
・iPhone 16
・iPhone 16 Plus
・iPhone 16 Pro
・iPhone 16 Pro Max
・iPhone 15
・iPhone 15 Plus
・iPhone 15 Pro
・iPhone 15 Pro Max
・iPhone 14
・iPhone 14 Plus
・iPhone 14 Pro
・iPhone 14 Pro Max
・iPhone 13
・iPhone 13 mini
・iPhone 13 Pro
・iPhone 13 Pro Max
・iPhone 12
・iPhone 12 mini
・iPhone 12 Pro
・iPhone 12 Pro Max
・iPhone 11
・iPhone 11 Pro
・iPhone 11 Pro Max
・iPhone XS
・iPhone XS Max
・iPhone XR
・iPhone SE（第2世代）
・iPhone SE（第3世代）

＜iPadOS 18対応製品＞
・iPad（第7世代）
・iPad（第8世代）
・iPad（第9世代）
・iPad（第10世代）
・iPad mini（第5世代）
・iPad mini（第6世代）
・iPad mini（A17 Pro）
・iPad Air（第3世代）
・iPad Air（第4世代）
・iPad Air（第5世代）
・11インチiPad Air（M2）
・13インチiPad Air（M2）
・12.9インチiPad Pro（第3世代）
・12.9インチiPad Pro（第4世代）
・12.9インチiPad Pro（第5世代）
・12.9インチiPad Pro（第6世代）
・13インチiPad Pro（M4）
・11インチiPad Pro（第1世代）
・11インチiPad Pro（第2世代）
・11インチiPad Pro（第3世代）
・11インチiPad Pro（第4世代）
・11インチiPad Pro（M4）

更新は従来通り各製品本体のみでOTA（On-The-Air）によりダウンロードで行え、方法としては、「設定」→「一般」→「ソフトウェア・アップデート」から行え、単体でアップデートする場合のダウンロードサイズは手持ちのiPhone 15 Pro MaxでiOS 18.2.1からだと956.3MBとなっています。またiTunesをインストールしたWindowsおよびMacとUSB-Lightningケーブルで接続しても実施できます。なお、Appleが案内しているアップデートの内容およびセキュリティーコンテンツの修正は以下の通り。

iOS 18.3
このアップデートには、iPhone用の機能強化、バグ修正、およびセキュリティアップデートが含まれます。

このアップデートには、以下の機能強化とバグ修正が含まれます:
・“計算機”で、等号をもう一度タップすると、最後の数式の演算を繰り返すことができます
・タイプ入力によるSiriへのリクエストを開始するとキーボードが表示されなくなることがある問題を修正
・Apple Musicを終了したあとも曲が終わるまでオーディオ再生が続く問題を解決
一部の機能は、地域やAppleデバイスによっては使用できません。

Appleソフトウェアアップデートのセキュリティコンテンツについては、以下をご覧ください: https://support.apple.com/ja-jp/100100

iPadOS 18.3
このアップデートには、iPad用の機能強化、バグ修正、およびセキュリティアップデートが含まれます。

このアップデートには、以下の機能強化とバグ修正が含まれます:
・“計算機”で、等号をもう一度タップすると、最後の数式の演算を繰り返すことができます
・タイプ入力によるSiriへのリクエストを開始するとキーボードが表示されなくなることがある問題を修正
・Apple Musicを終了したあとも曲が終わるまでオーディオ再生が続く問題を解決
一部の機能は、地域やAppleデバイスによっては使用できません。

Appleソフトウェアアップデートのセキュリティコンテンツについては、以下をご覧ください: https://support.apple.com/ja-jp/100100

iOS 18.3 and iPadOS 18.3
Released January 27, 2025

- Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker with physical access to an unlocked device may be able to access Photos while the app is locked
Description: An authentication issue was addressed with improved state management.
CVE-2025-24141: Abhay Kailasia (@abhay_kailasia) from C-DAC Thiruvananthapuram India

- AirPlay
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker on the local network may be able to cause unexpected system termination or corrupt process memory
Description: An input validation issue was addressed.
CVE-2025-24126: Uri Katz (Oligo Security)

- AirPlay
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A remote attacker may cause an unexpected app termination
Description: A type confusion issue was addressed with improved checks.
CVE-2025-24129: Uri Katz (Oligo Security)

- AirPlay
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker in a privileged position may be able to perform a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2025-24131: Uri Katz (Oligo Security)

- AirPlay
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A remote attacker may be able to cause a denial-of-service
Description: A null pointer dereference was addressed with improved input validation.
CVE-2025-24177: Uri Katz (Oligo Security)

- AirPlay
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
Description: A type confusion issue was addressed with improved checks.
CVE-2025-24137: Uri Katz (Oligo Security)

- ARKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24127: Minghao Lin (@Y1nKoc), babywu, and Xingwei Lin of Zhejiang University

- CoreAudio
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24160: Google Threat Analysis Group
CVE-2025-24161: Google Threat Analysis Group
CVE-2025-24163: Google Threat Analysis Group

- CoreMedia
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-24123: Desmond working with Trend Micro Zero Day Initiative
CVE-2025-24124: Pwn2car & Rotiple (HyeongSeok Jang) working with Trend Micro Zero Day Initiative

- CoreMedia
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Description: A use after free issue was addressed with improved memory management.
CVE-2025-24085

- ImageIO
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing an image may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2025-24086: DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) in Enki WhiteHat, D4m0n

- Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A malicious app may be able to gain root privileges
Description: A permissions issue was addressed with additional restrictions.
CVE-2025-24107: an anonymous researcher

- Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A validation issue was addressed with improved logic.
CVE-2025-24159: pattern-f (@pattern_F_)

- LaunchServices
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to fingerprint the user
Description: This issue was addressed with improved redaction of sensitive information.
CVE-2025-24117: Michael (Biscuit) Thomas (@biscuit@social.lol)

- libxslt
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed through improved state management.
CVE-2025-24166: Ivan Fratric of Google Project Zero

- Managed Configuration
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Restoring a maliciously crafted backup file may lead to modification of protected system files
Description: This issue was addressed with improved handling of symlinks.
CVE-2025-24104: Hichem Maloufi, Hakim Boukhadra

- Passkeys
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may gain unauthorized access to Bluetooth
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-9956: mastersplinter

- Safari
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed by adding additional logic.
CVE-2025-24128: @RenwaX23

- Safari
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Visiting a malicious website may lead to user interface spoofing
Description: The issue was addressed with improved UI.
CVE-2025-24113: @RenwaX23

- SceneKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Parsing a file may lead to disclosure of user information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2025-24149: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

- Time Zone
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to view a contact's phone number in system logs
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2025-24145: Kirin (@Pwnrin)

- WebContentFilter
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2025-24154: an anonymous researcher

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A maliciously crafted webpage may be able to fingerprint the user
Description: The issue was addressed with improved access restrictions to the file system.
WebKit Bugzilla: 283117
CVE-2025-24143: an anonymous researcher

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 283889
CVE-2025-24158: Q1IQ (@q1iqF) of NUS CuriOSity and P1umer (@p1umer) of Imperial Global Singapore.

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 284159
CVE-2025-24162: linjy of HKUS3Lab and chluo of WHUSecLab

- WebKit Web Inspector
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Copying a URL from Web Inspector may lead to command injection
Description: A privacy issue was addressed with improved handling of files.
WebKit Bugzilla: 283718
CVE-2025-24150: Johan Carlsson (joaxcar)

Additional recognition
- Accessibility
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from LNCT Bhopal and C-DAC Thiruvananthapuram India for their assistance.

- Audio
We would like to acknowledge Google Threat Analysis Group for their assistance.

- CoreAudio
We would like to acknowledge Google Threat Analysis Group for their assistance.

- CoreMedia Playback
We would like to acknowledge Song Hyun Bae (@bshyuunn) and Lee Dong Ha (Who4mI) for their assistance.

- Files
We would like to acknowledge Chi Yuan Chang of ZUSO ART and taikosoup for their assistance.

- Notifications
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College of Technology Bhopal India, Xingjian Zhao (@singularity-s0) for their assistance.

- Passwords
We would like to acknowledge Talal Haj Bakry and Tommy Mysk of Mysk Inc. @mysk_co for their assistance.

- Phone
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from C-DAC Thiruvananthapuram India and an anonymous researcher for their assistance.

- Screenshots
We would like to acknowledge Yannik Bloscheck (yannikbloscheck.com) for their assistance.

- Sleep
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from LNCT Bhopal and C-DAC Thiruvananthapuram India for their assistance.

- Static Linker
We would like to acknowledge Holger Fuhrmannek for their assistance.

- VoiceOver
We would like to acknowledge Bistrit Dahal, Dalibor Milanovic for their assistance.

■関連リンク
・エスマックス（S-MAX）
・エスマックス（S-MAX） smaxjp on Twitter
・S-MAX - Facebookページ
・iOS 18 関連記事一覧 - S-MAX
・iPadOS 18 関連記事一覧 - S-MAX
・iOS 18 のアップデートについて - Apple サポート (日本)
・iPadOS 18 のアップデートについて - Apple サポート (日本)
・iOS 18.3 および iPadOS 18.3 のセキュリティコンテンツについて - Apple サポート (日本)
・Apple セキュリティアップデート - Apple サポート