iPhone向けのiOSやiPad向けのiPadOSの最新メジャーバージョンとして先ごろよりiOS 18.0とiPadOS 18.0が提供開始され、その後、iOS 18.1およびiPadOS 18.1やiOS 18.2およびiPadOS 18.2、iOS 18.3およびiPadOS 18.3、iOS 18.4およびiPadOS 18.4、それらにおける重要なセキュリティー修正を行うiOS 18.4.1およびiPadOS 18.4.1がリリースされていましたが、今回、新たに機能の追加や改善などを行うiOS 18.5およびiPadOS 18.5が配信開始されました。iOS 18.5およびiPadOS 18.5の対象機種は以下の通り。

＜iOS 18対応製品＞
・iPhone 16e
・iPhone 16
・iPhone 16 Plus
・iPhone 16 Pro
・iPhone 16 Pro Max
・iPhone 15
・iPhone 15 Plus
・iPhone 15 Pro
・iPhone 15 Pro Max
・iPhone 14
・iPhone 14 Plus
・iPhone 14 Pro
・iPhone 14 Pro Max
・iPhone 13
・iPhone 13 mini
・iPhone 13 Pro
・iPhone 13 Pro Max
・iPhone 12
・iPhone 12 mini
・iPhone 12 Pro
・iPhone 12 Pro Max
・iPhone 11
・iPhone 11 Pro
・iPhone 11 Pro Max
・iPhone XS
・iPhone XS Max
・iPhone XR
・iPhone SE（第2世代）
・iPhone SE（第3世代）

＜iPadOS 18対応製品＞
・iPad（第7世代）
・iPad（第8世代）
・iPad（第9世代）
・iPad（第10世代）
・iPad（A16）
・iPad mini（第5世代）
・iPad mini（第6世代）
・iPad mini（A17 Pro）
・iPad Air（第3世代）
・iPad Air（第4世代）
・iPad Air（第5世代）
・11インチiPad Air（M2）
・11インチiPad Air（M3）
・13インチiPad Air（M2）
・13インチiPad Air（M3）
・12.9インチiPad Pro（第3世代）
・12.9インチiPad Pro（第4世代）
・12.9インチiPad Pro（第5世代）
・12.9インチiPad Pro（第6世代）
・13インチiPad Pro（M4）
・11インチiPad Pro（第1世代）
・11インチiPad Pro（第2世代）
・11インチiPad Pro（第3世代）
・11インチiPad Pro（第4世代）
・11インチiPad Pro（M4）

更新は従来通り各製品本体のみでOTA（On-The-Air）によりダウンロードで行え、方法としては、「設定」→「一般」→「ソフトウェア・アップデート」から行え、単体でアップデートする場合のダウンロードサイズは手持ちのiPhone 15 Pro MaxでiOS 18.4.1からだと1.38GBとなっています。またiTunesをインストールしたWindowsおよびMacとUSB-Lightningケーブルで接続しても実施できます。なお、Appleが案内しているアップデートの内容およびセキュリティーコンテンツの修正は以下の通り。

iOS 18.5
このアップデートには、以下の機能強化とバグ修正も含まれます:

・新しいプライドハーモニーの壁紙
・お子様のデバイスでスクリーンタイムパスコードが使用されると、親/保護者に通知が届くようになりました
・他社製デバイス上のApple TVアプリでコンテンツを購入するときに、“iPhoneで購入”を使用できます
・Apple Vision Proアプリで黒い画面が表示されることがある問題を修正しました
・iPhone 13（すべてのモデル）で通信事業者から提供される衛星通信の機能に対応しました。詳しい情報: https://support.apple.com/ja-jp/122339

一部の機能は、地域やAppleデバイスによっては使用できません。Appleソフトウェアアップデートのセキュリティコンテンツについては、以下をご覧ください: https://support.apple.com/ja-jp/100100

iPadOS 18.5
このアップデートには、以下の機能強化とバグ修正も含まれます:

・新しいプライドハーモニーの壁紙
・お子様のデバイスでスクリーンタイムパスコードが使用されると、親/保護者に通知が届くようになりました
・他社製デバイス上のApple TVアプリでコンテンツを購入するときに、“iPadで購入”を使用できます

一部の機能は、地域やAppleデバイスによっては使用できません。Appleソフトウェアアップデートのセキュリティコンテンツについては、以下をご覧ください: https://support.apple.com/ja-jp/100100

iOS 18.5 and iPadOS 18.5
Released May 12, 2025

- AppleJPEG
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: The issue was addressed with improved input sanitization.
CVE-2025-31251: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

- Baseband
Available for: iPhone 16e
Impact: An attacker in a privileged network position may be able to intercept network traffic
Description: This issue was addressed through improved state management.
CVE-2025-31214: 秦若涵, 崔志伟, and 崔宝江

- Call History
Available for: iPhone XS and later
Impact: Call history from deleted apps may still appear in spotlight search results
Description: A privacy issue was addressed by removing sensitive data.
CVE-2025-31225: Deval Jariwala

- Core Bluetooth
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: This issue was addressed through improved state management.
CVE-2025-31212: Guilherme Rambo of Best Buddy Apps (rambo.codes)

- CoreAudio
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2025-31208: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

- CoreGraphics
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Parsing a file may lead to disclosure of user information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2025-31209: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

- CoreMedia
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Parsing a file may lead to an unexpected app termination
Description: A use-after-free issue was addressed with improved memory management.
CVE-2025-31239: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

- CoreMedia
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory
Description: The issue was addressed with improved input sanitization.
CVE-2025-31233: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

- FaceTime
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Muting the microphone during a FaceTime call may not result in audio being silenced
Description: This issue was addressed through improved state management.
CVE-2025-31253: Dalibor Milanovic

- FaceTime
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved UI.
CVE-2025-31210: Andrew James Gonzalez

- FrontBoard
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to enumerate a user's installed apps
Description: A logic issue was addressed with improved checks.
CVE-2025-31207: YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab, Duy Trần (@khanhduytran0)

- iCloud Document Sharing
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker may be able to turn on sharing of an iCloud folder without authentication
Description: This issue was addressed with additional entitlement checks.
CVE-2025-30448: Dayton Pidhirney of Atredis Partners, Lyutoon and YenKoc

- ImageIO
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted image may lead to a denial-of-service
Description: A logic issue was addressed with improved checks.
CVE-2025-31226: Saagar Jha

- Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2025-31219: Michael DePlante (@izobashi) and Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative

- Kernel
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A remote attacker may cause an unexpected app termination
Description: A double free issue was addressed with improved memory management.
CVE-2025-31241: Christian Kohlschütter

- libexpat
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Multiple issues in libexpat, including unexpected app termination or arbitrary code execution
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2024-8176

- Mail Addressing
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing an email may lead to user interface spoofing
Description: An injection issue was addressed with improved input validation.
CVE-2025-24225: Richard Hyunho Im (@richeeta)

- mDNSResponder
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A user may be able to elevate privileges
Description: A correctness issue was addressed with improved checks.
CVE-2025-31222: Paweł Płatek (Trail of Bits)

- Notes
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker with physical access to a device may be able to access notes from the lock screen
Description: The issue was addressed with improved authentication.
CVE-2025-31228: Andr.Ess

- Notes
Available for: iPhone XS and later
Impact: An attacker with physical access to a device may be able to access a deleted call recording
Description: A logic issue was addressed with improved checks.
CVE-2025-31227: Shehab Khan

- Pro Res
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination
Description: The issue was addressed with improved checks.
CVE-2025-31245: wac

- Pro Res
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: The issue was addressed with improved input sanitization.
CVE-2025-31234: CertiK (@CertiK)

- Security
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A remote attacker may be able to leak memory
Description: An integer overflow was addressed with improved input validation.
CVE-2025-31221: Dave G.

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A type confusion issue could lead to memory corruption
Description: This issue was addressed with improved handling of floats.
WebKit Bugzilla: 286694
CVE-2025-24213: Google V8 Security Team

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to memory corruption
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 289387
CVE-2025-31223: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs
WebKit Bugzilla: 289653
CVE-2025-31238: wac working with Trend Micro Zero Day Initiative

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to memory corruption
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 287577
CVE-2025-24223: rheza (@ginggilBesel) and an anonymous researcher
WebKit Bugzilla: 291506
CVE-2025-31204: Nan Wang(@eternalsakura13)

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: The issue was addressed with improved input validation.
WebKit Bugzilla: 289677
CVE-2025-31217: Ignacio Sanmillan (@ulexec)

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 288814
CVE-2025-31215: Jiming Wang and Jikai Ren

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: A type confusion issue was addressed with improved state handling.
WebKit Bugzilla: 290834
CVE-2025-31206: an anonymous researcher

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A malicious website may exfiltrate data cross-origin
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 290992
CVE-2025-31205: Ivan Fratric of Google Project Zero

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: This issue was addressed with improved memory handling.
WebKit Bugzilla: 290985
CVE-2025-31257: Juergen Schmied of Lynck GmbH

Additional recognition
- AirDrop
We would like to acknowledge Dalibor Milanovic for their assistance.

- Kernel
We would like to acknowledge an anonymous researcher for their assistance.

- libnetcore
We would like to acknowledge Hoffcona of ByteDance IES Red Team for their assistance.

- Messages
We would like to acknowledge Paulo Henrique Batista Rosa de Castro (@paulohbrc) for their assistance.

- MobileGestalt
We would like to acknowledge iisBuri for their assistance.

- MobileLockdown
We would like to acknowledge Matthias Frielingsdorf (@helthydriver) of iVerify, an anonymous researcher for their assistance.

- NetworkExtension
We would like to acknowledge Andrei-Alexandru Bleorțu for their assistance.

- Phone
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from C-DAC Thiruvananthapuram India for their assistance.

- Photos
We would like to acknowledge Yusuf Kelany for their assistance.

- Safari
We would like to acknowledge Akash Labade, Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India) for their assistance.

- Screenshots
We would like to acknowledge an anonymous researcher for their assistance.

- Shortcuts
We would like to acknowledge Candace Jensen of Kandji, Chi Yuan Chang of ZUSO ART and taikosoup, Egor Filatov (Positive Technologies), Monnier Pascaud for their assistance.

- Siri Suggestions
We would like to acknowledge Jake Derouin (jakederouin.com) for their assistance.

- Spotlight
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from C-DAC Thiruvananthapuram India for their assistance.

- WebKit
We would like to acknowledge Mike Dougherty and Daniel White of Google Chrome and an anonymous researcher for their assistance.

■関連リンク
・エスマックス（S-MAX）
・エスマックス（S-MAX） smaxjp on Twitter
・S-MAX - Facebookページ
・iOS 18 関連記事一覧 - S-MAX
・iPadOS 18 関連記事一覧 - S-MAX
・iOS 18 のアップデートについて - Apple サポート (日本)
・iPadOS 18 のアップデートについて - Apple サポート (日本)
・iOS 18.5 および iPadOS 18.5 のセキュリティコンテンツについて - Apple サポート (日本)
・Apple セキュリティアップデート - Apple サポート