Apple iPadOS Apple iPad Operating System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apple iPadOS.
Recent Apple iPadOS Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 125633 | iOS 18.7.2 and iPadOS 18.7.2 - Apple Security Content | November 5, 2025 |
| 125632 | iOS 26.1 and iPadOS 26.1 - Apple Security Content | November 3, 2025 |
| 125326 | iOS 26.0.1 and iPadOS 26.0.1 - Apple Security Content | September 29, 2025 |
| 125327 | iOS 18.7.1 and iPadOS 18.7.1 - Apple Security Content | September 29, 2025 |
| 125141 | iOS 16.7.12 and iPadOS 16.7.12 - Apple Security Content | September 15, 2025 |
| 125109 | iOS 18.7 and iPadOS 18.7 - Apple Security Content | September 15, 2025 |
| 125108 | iOS 26 and iPadOS 26 - Apple Security Content | September 15, 2025 |
| 125142 | iOS 15.8.5 and iPadOS 15.8.5 - Apple Security Content | September 15, 2025 |
| 124925 | iOS 18.6.2 and iPadOS 18.6.2 - Apple Security Content | August 20, 2025 |
| 124926 | iPadOS 17.7.10 - Apple Security Content | August 20, 2025 |
EOL Dates
Ensure that you are using a supported version of Apple iPadOS. Here are some end of life, and end of support dates for Apple iPadOS.
| Release | EOL Date | Status |
|---|---|---|
| 26 | - |
Active
|
| 18 | - |
Active
|
| 17 | - |
Active
|
| 16 | March 31, 2025 |
EOL
Apple iPadOS 16 became EOL in 2025 and supported ended in 2023 |
| 15 | March 31, 2025 |
EOL
Apple iPadOS 15 became EOL in 2025 and supported ended in 2022 |
| 14 | October 1, 2021 |
EOL
Apple iPadOS 14 became EOL in 2021 and supported ended in 2021 |
| 13 | September 16, 2020 |
EOL
Apple iPadOS 13 became EOL in 2020 and supported ended in 2020 |
By the Year
In 2025 there have been 329 vulnerabilities in Apple iPadOS with an average score of 6.5 out of ten. Last year, in 2024 iPadOS had 290 security vulnerabilities published. That is, 39 more vulnerabilities have already been reported in 2025 as compared to last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.28.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 329 | 6.49 |
| 2024 | 290 | 6.21 |
| 2023 | 267 | 6.78 |
| 2022 | 215 | 7.18 |
| 2021 | 336 | 6.96 |
| 2020 | 231 | 7.12 |
| 2019 | 34 | 7.54 |
It may take a day or so for new iPadOS vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple iPadOS Security Vulnerabilities
Apple iOS/iPadOS Locked Device Options Exposure CVE-2025-43418 Fixed 18.7.2
CVE-2025-43418
4.6 - Medium
- November 05, 2025
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An attacker with physical access to a locked device may be able to view sensitive user information.
Authorization
iOS 26 DoS: Unprivileged process can terminate root procs
CVE-2025-43365
2.8 - Low
- November 04, 2025
A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An unprivileged process may be able to terminate a root processes.
Improper Input Validation
Apple Safari 26.1: Web Content Crash Vulnerability
CVE-2025-43430
4.3 - Medium
- November 04, 2025
This issue was addressed through improved state management. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Improper Input Validation
iOS/iPadOS 26.1 Data Redaction Logging Bug Exposes Sensitive User Data
CVE-2025-43426
5.5 - Medium
- November 04, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to access sensitive user data.
Insertion of Sensitive Information into Log File
Apple OSs: watchOS 26.1/iOS 26.1/iPadOS 26.1/visionOS 26.1 Memory Leak/Kernel Corruption
CVE-2025-43447
5.5 - Medium
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
Buffer Overflow
Apple iOS 26.1: Privacy Preference Bypass via Sensitive Data Leak
CVE-2025-43502
7.5 - High
- November 04, 2025
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. An app may be able to bypass certain Privacy preferences.
Authorization
Apple iOS OOB Access via Malicious Media (fixed 26.1)
CVE-2025-43386
7.1 - High
- November 04, 2025
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Out-of-bounds Read
Apple OS Sensitive Data Access Vulnerability (CVE-2025-43345)
CVE-2025-43345
5.5 - Medium
- November 04, 2025
A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7, visionOS 26, iOS 18.7 and iPadOS 18.7. An app may be able to access sensitive user data.
Information Disclosure
Apple Safari 26.1 Address Bar Spoofing (CVE-2025-43493)
CVE-2025-43493
4.3 - Medium
- November 04, 2025
The issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Visiting a malicious website may lead to address bar spoofing.
Authentication Bypass by Spoofing
Apple OS UI Spoofing (before 26.1)
CVE-2025-43503
4.3 - Medium
- November 04, 2025
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Visiting a malicious website may lead to user interface spoofing.
Authentication Bypass by Spoofing
iOS Camera View Info Leak Before Camera Access < 26.1
CVE-2025-43450
7.5 - High
- November 04, 2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to learn information about the current camera view before being granted camera access.
Authorization
Apple iOS/iPadOS/macOS Temp File Privacy Bug (Fixed in 26.1 / 14.8.2)
CVE-2025-43391
5.5 - Medium
- November 04, 2025
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data.
Information Disclosure
iOS LockScreen Notification Exposure CVE-2025-43309
CVE-2025-43309
2.4 - Low
- November 04, 2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.
Authorization
Sandbox Escape in Apple OS via Entitlement Issue (pre-26.1)
CVE-2025-43407
7.8 - High
- November 04, 2025
This issue was addressed with improved entitlements. This issue is fixed in visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1, tvOS 26.1. An app may be able to break out of its sandbox.
Authorization
Apple Safari 26.1 unexpected crash via crafted web content
CVE-2025-43427
4.3 - Medium
- November 04, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, tvOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Improper Input Validation
Safari/iOS memory corruption via web content, fixed v26.1
CVE-2025-43431
8.8 - High
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to memory corruption.
Apple OS Symlink Validation Flaw Allows Data Access (pre-26.1)
CVE-2025-43379
5.5 - Medium
- November 04, 2025
This issue was addressed with improved validation of symlinks. This issue is fixed in visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. An app may be able to access protected user data.
insecure temporary file
Safari UA-FREE Crash before 26.1 on iOS/iPadOS/watchOS, visionOS
CVE-2025-43457
6.5 - Medium
- November 04, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Dangling pointer
Apple Safari CVE-2025-43441: Mem Crash (<=26.0), Fixed 26.1
CVE-2025-43441
4.3 - Medium
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple macOS/iOS Media Parser OOB Issue (CVE-2025-43338)
CVE-2025-43338
7.1 - High
- November 04, 2025
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.2, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
XSS
Apple OS 26.1 App Enumeration Permission Escalation
CVE-2025-43436
7.5 - High
- November 04, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1, visionOS 26.1. An app may be able to enumerate a user's installed apps.
Authentication Bypass Using an Alternate Path or Channel
Apple OS Auth Issue Fixed in 26.1/15.7.2/14.8.2
CVE-2025-43498
5.5 - Medium
- November 04, 2025
An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to access sensitive user data.
Authorization
macOS Sonoma/Sequoia Entitlement Check Flaw: App Access to Sensitive Data
CVE-2025-43499
5.5 - Medium
- November 04, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to access sensitive user data.
Authorization
Safari/iOS/iPadOS Array Allocation Sinking Crash pre-26.1
CVE-2025-43421
4.3 - Medium
- November 04, 2025
Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Out-of-bounds Read
Apple iOS Logical Issue enabling physical attacker to see data fixed 26.1
CVE-2025-43460
4.6 - Medium
- November 04, 2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a locked device may be able to view sensitive user information.
Information Disclosure
Apple visionOS/iOS Fingerprint Vulnerability via Entitlement Checks
CVE-2025-43323
8.1 - High
- November 04, 2025
This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 26, tvOS 26, iOS 26 and iPadOS 26, watchOS 26. An app may be able to fingerprint the user.
Information Disclosure
Apple iOS 26.1 keystroke monitoring vulnerability CVE-2025-43495
CVE-2025-43495
5.4 - Medium
- November 04, 2025
The issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to monitor keystrokes without user permission.
Information Disclosure
Safari Crash via Malformed Web Content Fixed in 26.1
CVE-2025-43440
6.5 - Medium
- November 04, 2025
This issue was addressed with improved checks This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
XSS
Apple OS Remote Images Load Even When Setting Turned Off (Fixed 26.1/15.7.2)
CVE-2025-43496
7.5 - High
- November 04, 2025
The issue was addressed by adding additional logic. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Remote content may be loaded even when the 'Load Remote Images' setting is turned off.
Privacy violation
Safari use-after-free crash on watchOS/iOS @26.1
CVE-2025-43438
4.3 - Medium
- November 04, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Dangling pointer
Cross-Origin Data Exfiltration in Safari 26.1 (CVE-2025-43480)
CVE-2025-43480
8.1 - High
- November 04, 2025
The issue was addressed with improved checks. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. A malicious website may exfiltrate data cross-origin.
Permissive Cross-domain Policy with Untrusted Domains
Apple Safari <26.1 Process Crash via Malicious Web Content
CVE-2025-43443
4.3 - Medium
- November 04, 2025
This issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Privacy Flaw: Screenshots of Embedded Views in Apple iOS/watchOS 26.1
CVE-2025-43455
5.5 - Medium
- November 04, 2025
A privacy issue was addressed with improved checks. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. A malicious app may be able to take a screenshot of sensitive information in embedded views.
Information Disclosure
Apple iOS 26.1/iPadOS 26.1 Stolen Device Protection Disable via Physical Access
CVE-2025-43422
4.6 - Medium
- November 04, 2025
The issue was addressed by adding additional logic. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a device may be able to disable Stolen Device Protection.
UAF in Safari, iOS & WatchOS 26.1: Crash Fixed
CVE-2025-43434
4.3 - Medium
- November 04, 2025
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Dangling pointer
Apple OS Kernel OOB Read Fixed iOS26 & macOS14.8.2/15.7.2
CVE-2025-43361
7.8 - High
- November 04, 2025
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 26, watchOS 26, iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, visionOS 26. A malicious app may be able to read kernel memory.
Out-of-bounds Read
Apple macOS Sequoia 15.7.2 OoB Read DoS CVE-2025-43377
CVE-2025-43377
5.5 - Medium
- November 04, 2025
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to cause a denial-of-service.
Out-of-bounds Read
Apple OS memory corruption causing appinitiated termination pre26.1
CVE-2025-43398
5.5 - Medium
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to cause unexpected system termination.
Buffer Overflow
Apple Safari DNS Leak via Private Relay Logic Flaw
CVE-2025-43376
- November 04, 2025
A logic issue was addressed with improved state management. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.
macOS Sequoia 15.7.2: App Access to Protected Data (Redaction Flaw)
CVE-2025-43399
7.5 - High
- November 04, 2025
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to access protected user data.
Privacy violation
Safari 26.1 Crash via Malicious Web Content (State Mgmt)
CVE-2025-43458
4.3 - Medium
- November 04, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Improper Input Validation
iOS/iPadOS UI Glitch Exposes Password Fields
CVE-2025-43360
5.5 - Medium
- November 04, 2025
The issue was addressed with improved UI. This issue is fixed in iOS 26 and iPadOS 26. Password fields may be unintentionally revealed.
Apple Safari Memory Corruption via Malicious Web Content
CVE-2025-43419
8.8 - High
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. Processing maliciously crafted web content may lead to memory corruption.
Buffer Overflow
Apple OS Kernel Memory Corruption CVE-2025-43462 (fixed 26.1)
CVE-2025-43462
7.5 - High
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1, visionOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
Resource Exhaustion
Apple Safari 26.1 Memory Handling Crash via Malicious Web Content
CVE-2025-43435
4.3 - Medium
- November 04, 2025
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Buffer Overflow
Apple OS Data Redaction Flaw in System Logging (fixed 26.1, 15.7.2)
CVE-2025-43423
2 - Low
- November 04, 2025
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging.
Apple iOS/iPadOS 26.1 Persistent Unlock Failure
CVE-2025-43454
7.5 - High
- November 04, 2025
This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. A device may persistently fail to lock.
Authorization
Apple iOS/watchOS/iPadOS privacy flaw allows user fingerprinting before 26.1
CVE-2025-43507
6.5 - Medium
- November 04, 2025
A privacy issue was addressed by moving sensitive data. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to fingerprint the user.
Incorrect Default Permissions
iOS 26.0 Permission Flaw Exposes Installed App List
CVE-2025-43442
3.3 - Low
- November 04, 2025
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to identify what other apps a user has installed.
Incorrect Default Permissions
OOA in Apple OS Media Processor (fixed iOS 26.1, macOS 15.7.2)
CVE-2025-43383
4.3 - Medium
- November 04, 2025
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apple iPadOS or by Apple? Click the Watch button to subscribe.
