Apple has announced a security update for iOS and iPadOS to patch multiple vulnerabilities. This includes one that could leak sensitive information when visiting a malicious website and one that allows an attacker to display false information in the address bar. In total, 29 vulnerabilities were patched, most of them in WebKit, Apple’s web rendering engine that powers Safari and renders webpages in other apps.
The update is available for iPhone XS and later; iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later; iPad Pro 11-inch 1st generation and later; iPad Air 3rd generation and later; iPad 7th generation and later; and iPad mini 5th generation and later.
To check whether a device is running the latest software version, go to Settings > General > Software Update.
Apple has also released updates for macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, watchOS 11.6, and tvOS 18.6.
Some of the vulnerabilities that Apple patched in this update are:
· CVE-2025-31229: A logic issue could cause VoiceOver to read your passcode aloud, disclosing it. VoiceOver is a gesture-based screen reader that allows people to use an iPhone even if they can’t see the screen.
· CVE-2025-43217: Devices may fail to display the privacy indicators when apps access the microphone or camera, which could prevent users from being notified about this usage.
· CVE-2025-43227: Visiting a specially crafted malicious website can expose your sensitive information. While Apple has not specified the exact types, data handled by the browser (for example, cookies, authentication tokens, browsing history, and other personal information) could be at risk.
· CVE-2025-43228: Visiting a malicious website may lead to address bar spoofing. “Address bar spoofing” is when a website tricks your web browser into showing a fake or misleading website address (URL) in the address bar, at the top of your browser window, instead of the website you’re actually visiting.