iPadOS Apple iPadOS Apple iPad Operating System

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Apple iPadOS.

Recent Apple iPadOS Security Advisories

Advisory Title Published
122404 iOS 18.5 and iPadOS 18.5 - Apple Security Content May 12, 2025
122405 iPadOS 17.7.7 - Apple Security Content May 12, 2025
122282 iOS 18.4.1 and iPadOS 18.4.1 - Apple Security Content April 16, 2025
122345 iOS 15.8.4 and iPadOS 15.8.4 - Apple Security Content March 31, 2025
122346 iOS 16.7.11 and iPadOS 16.7.11 - Apple Security Content March 31, 2025
122372 iPadOS 17.7.6 - Apple Security Content March 31, 2025
122371 iOS 18.4 and iPadOS 18.4 - Apple Security Content March 31, 2025
122281 iOS 18.3.2 and iPadOS 18.3.2 - Apple Security Content March 11, 2025
122173 iPadOS 17.7.5 - Apple Security Content February 10, 2025
122174 iOS 18.3.1 and iPadOS 18.3.1 - Apple Security Content February 10, 2025

EOL Dates

Ensure that you are using a supported version of Apple iPadOS. Here are some end of life, and end of support dates for Apple iPadOS.

Release EOL Date Status
18 -
Active

17 -
Active

16 March 31, 2025
EOL

Apple iPadOS 16 became EOL in 2025 and supported ended in 2023

15 March 31, 2025
EOL

Apple iPadOS 15 became EOL in 2025 and supported ended in 2022

14 October 1, 2021
EOL

Apple iPadOS 14 became EOL in 2021 and supported ended in 2021

13 September 16, 2020
EOL

Apple iPadOS 13 became EOL in 2020 and supported ended in 2020

By the Year

In 2025 there have been 197 vulnerabilities in Apple iPadOS with an average score of 6.4 out of ten. Last year, in 2024 iPadOS had 287 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in iPadOS in 2025 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.39.




Year Vulnerabilities Average Score
2025 197 6.43
2024 287 6.04
2023 267 6.58
2022 215 7.18
2021 336 6.96
2020 231 7.12
2019 34 7.54
2018 0 0.00

It may take a day or so for new iPadOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apple iPadOS Security Vulnerabilities

This issue was addressed with improved checks

CVE-2025-43200 - June 16, 2025

This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

This issue was addressed through improved state management

CVE-2025-30466 - May 29, 2025

This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. A website may be able to bypass Same Origin Policy.

A logging issue was addressed with improved data redaction

CVE-2025-31199 - May 29, 2025

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

The issue was addressed with improved memory handling

CVE-2025-24184 - May 19, 2025

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to cause unexpected system termination.

The issue was addressed with improved checks

CVE-2025-24189 - May 19, 2025

The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to memory corruption.

A logic issue was addressed with improved checks

CVE-2025-31185 - May 19, 2025

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication.

A permissions issue was addressed with additional restrictions

CVE-2025-31262 - May 19, 2025

A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to modify protected parts of the file system.

The issue was addressed with improved checks

CVE-2025-31208 - May 12, 2025

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.

The issue was addressed with improved input sanitization

CVE-2025-31251 - May 12, 2025

The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

This issue was addressed through improved state management

CVE-2025-31214 - May 12, 2025

This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic.

A privacy issue was addressed by removing sensitive data

CVE-2025-31225 - May 12, 2025

A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call history from deleted apps may still appear in spotlight search results.

This issue was addressed through improved state management

CVE-2025-31212 - May 12, 2025

This issue was addressed through improved state management. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. An app may be able to access sensitive user data.

An out-of-bounds read was addressed with improved bounds checking

CVE-2025-31209 - May 12, 2025

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to disclosure of user information.

A use-after-free issue was addressed with improved memory management

CVE-2025-31239 - May 12, 2025

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.

The issue was addressed with improved input sanitization

CVE-2025-31233 - May 12, 2025

The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.

This issue was addressed through improved state management

CVE-2025-31253 - May 12, 2025

This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result in audio being silenced.

The issue was addressed with improved UI

CVE-2025-31210 - May 12, 2025

The issue was addressed with improved UI. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing web content may lead to a denial-of-service.

A logic issue was addressed with improved checks

CVE-2025-31207 - May 12, 2025

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user's installed apps.

This issue was addressed with additional entitlement checks

CVE-2025-30448 - May 12, 2025

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6, macOS Sequoia 15.4. An attacker may be able to turn on sharing of an iCloud folder without authentication.

A logic issue was addressed with improved checks

CVE-2025-31226 - May 12, 2025

A logic issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5. Processing a maliciously crafted image may lead to a denial-of-service.

The issue was addressed with improved memory handling

CVE-2025-31219 - May 12, 2025

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An attacker may be able to cause unexpected system termination or corrupt kernel memory.

A double free issue was addressed with improved memory management

CVE-2025-31241 - May 12, 2025

A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination.

An injection issue was addressed with improved input validation

CVE-2025-24225 - May 12, 2025

An injection issue was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing an email may lead to user interface spoofing.

A correctness issue was addressed with improved checks

CVE-2025-31222 - May 12, 2025

A correctness issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A user may be able to elevate privileges.

The issue was addressed with improved authentication

CVE-2025-31228 - May 12, 2025

The issue was addressed with improved authentication. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access notes from the lock screen.

A logic issue was addressed with improved checks

CVE-2025-31227 - May 12, 2025

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access a deleted call recording.

The issue was addressed with improved checks

CVE-2025-31245 - May 12, 2025

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination.

The issue was addressed with improved input sanitization

CVE-2025-31234 - May 12, 2025

The issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.

An integer overflow was addressed with improved input validation

CVE-2025-31221 - May 12, 2025

An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may be able to leak memory.

The issue was addressed with improved checks

CVE-2025-31223 - May 12, 2025

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.

An out-of-bounds read was addressed with improved input validation

CVE-2025-31196 - May 12, 2025

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.

This issue was addressed by restricting options offered on a locked device

CVE-2025-30436 - May 12, 2025

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls.

The issue was addressed with improved checks

CVE-2025-31238 - May 12, 2025

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.

A privacy issue was addressed by removing sensitive data

CVE-2025-31220 - May 12, 2025

A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to read sensitive location information.

A privacy issue was addressed with improved private data redaction for log entries

CVE-2025-31242 - May 12, 2025

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access sensitive user data.

A logging issue was addressed with improved data redaction

CVE-2025-31213 - May 12, 2025

A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access associated usernames and websites in a user's iCloud Keychain.

A permissions issue was addressed with additional restrictions

CVE-2025-24220 - May 12, 2025

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4. An app may be able to read a persistent device identifier.

An information disclosure issue was addressed by removing the vulnerable code

CVE-2025-24144 - May 12, 2025

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.6, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Ventura 13.7.6, iOS 18.3 and iPadOS 18.3, tvOS 18.3. An app may be able to leak sensitive kernel state.

A memory corruption issue was addressed with improved state management

CVE-2025-24111 - May 12, 2025

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.

A type confusion issue was addressed with improved state handling

CVE-2025-31206 - May 12, 2025

A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

The issue was addressed with improved memory handling

CVE-2025-24223 - May 12, 2025

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.

The issue was addressed with improved memory handling

CVE-2025-31204 - May 12, 2025

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.

The issue was addressed with improved input validation

CVE-2025-31217 - May 12, 2025

The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

The issue was addressed with improved checks

CVE-2025-31215 - May 12, 2025

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected process crash.

A double free issue was addressed with improved memory management

CVE-2025-31235 - May 12, 2025

A double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to cause unexpected system termination.

This issue was addressed with improved memory handling

CVE-2025-31257 - May 12, 2025

This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

The issue was addressed with improved checks

CVE-2025-31205 - May 12, 2025

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin.

An app could impersonate system notifications

CVE-2025-24091 - April 30, 2025

An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.

An integer overflow was addressed with improved input validation

CVE-2025-31203 - April 29, 2025

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.

A null pointer dereference was addressed with improved input validation

CVE-2025-24179 - April 29, 2025

A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.3 and iPadOS 18.3, visionOS 2.3, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, macOS Sequoia 15.3, tvOS 18.3. An attacker on the local network may be able to cause a denial-of-service.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Apple iPadOS or by Apple? Click the Watch button to subscribe.

Apple
Vendor

Apple iPadOS
Apple iPad Operating System

subscribe