iOS 18.6 brings 29 security fixes

Apple has released iOS 18.6 bringing 29 security fixes and a warning to update your iPhone now.

Aside from the security updates, iOS 18.6 fixes a small bug in Photos that could prevent memory movies from being generated.

For customers in the EU, iOS 18.6 includes a new user experience when customers attempt to install an alternative app marketplace or install apps directly from the web.

This is due to the fact that Apple is rolling out new App Store guidelines and a new user experience for those in the EU, in an attempt to comply with the EU’s Digital Markets Act (DMA).

iOS 18.6 Security Updates

Accessibility

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: Passcode may be read aloud by VoiceOver

Description: A logic issue was addressed with improved checks.

Impact: Privacy Indicators for microphone or camera access may not be correctly displayed

Description: The issue was addressed by adding additional logic.

afclip

Impact: Parsing a file may lead to an unexpected app termination

Description: The issue was addressed with improved memory handling.

CFNetwork

Impact: A non-privileged user may be able to modify restricted network settings

Description: A denial-of-service issue was addressed with improved input validation.

CoreAudio

Impact: Processing a maliciously crafted audio file may lead to memory corruption

Description: The issue was addressed with improved memory handling.

CoreMedia

Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CoreMedia Playback

Impact: An app may be able to access user-sensitive data

Description: The issue was addressed with additional permissions checks.

ICU

Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash

Description: An out-of-bounds access issue was addressed with improved bounds checking.

ImageIO

Impact: Processing a maliciously crafted image may result in disclosure of process memory

Description: An out-of-bounds read was addressed with improved input validation.

libnetcore

Impact: Processing a file may lead to memory corruption

Description: This issue was addressed with improved memory handling.

libxml2

Impact: Processing a file may lead to memory corruption

Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.

libxslt

Impact: Processing maliciously crafted web content may lead to memory corruption

Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.

Mail Drafts

Impact: Remote content may be loaded even when the ‘Load Remote Images’ setting is turned off

Description: This issue was addressed through improved state management.

Metal

Impact: Processing a maliciously crafted texture may lead to unexpected app termination

Description: Multiple memory corruption issues were addressed with improved input validation.

Model I/O

Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory

Description: An out-of-bounds access issue was addressed with improved bounds checking.

Impact: Processing a maliciously crafted file may lead to unexpected app termination.

Impact: Visiting a malicious website may lead to address bar spoofing

Description: The issue was addressed with improved UI.

Impact: Processing maliciously crafted web content may disclose sensitive user information

Description: This issue was addressed through improved state management.

Impact: Processing maliciously crafted web content may lead to memory corruption

Description: The issue was addressed with improved memory handling.

Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash

Description: The issue was addressed with improved memory handling.

Impact: Processing web content may lead to a denial-of-service

Description: The issue was addressed with improved memory handling.

Impact: Processing maliciously crafted web content may disclose internal states of the app

Description: An out-of-bounds read was addressed with improved input validation.

Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash

Description: A use-after-free issue was addressed with improved memory management.

Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash

Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.

iOS 18.6 Supported Devices

iPhone 16
iPhone 16 Plus
iPhone 16 Pro
iPhone 16 Pro Max
iPhone 15
iPhone 15 Plus
iPhone 15 Pro
iPhone 15 Pro Max
iPhone 14
iPhone 14 Plus
iPhone 14 Pro
iPhone 14 Pro Max
iPhone 13
iPhone 13 mini
iPhone 13 Pro
iPhone 13 Pro Max
iPhone 12
iPhone 12 mini
iPhone 12 Pro
iPhone 12 Pro Max
iPhone 11
iPhone 11 Pro
iPhone 11 Pro Max
iPhone Xs
iPhone XS Max

As normal, to update to iOS 18.6 go to your iPhone Settings > General > Software Update and install iOS 18.6 as soon as you possibly can.

iOS 18.6 brings 29 security fixes

iOS 18.6 Security Updates

Accessibility

afclip

CFNetwork

CoreAudio

CoreMedia

CoreMedia Playback

ICU

ImageIO

libnetcore

libxml2

libxslt

Mail Drafts

Metal

Model I/O

iOS 18.6 Supported Devices

iOS 18.5 brings new Pride Wallpaper and more

Rapid Newsletters