iPhone向けのiOSやiPad向けのiPadOSの最新メジャーバージョンとして先ごろよりiOS 18.0とiPadOS 18.0が提供開始され、その後、iOS 18.1およびiPadOS 18.1やiOS 18.2およびiPadOS 18.2、iOS 18.3およびiPadOS 18.3、iOS 18.4およびiPadOS 18.4、iOS 18.5およびiPadOS 18.5がリリースされていましたが、今回、新たに不具合や脆弱性などを修正するiOS 18.6およびiPadOS 18.6が配信開始されました。iOS 18.6およびiPadOS 18.6の対象機種は以下の通り。

＜iOS 18対応製品＞
・iPhone 16e
・iPhone 16
・iPhone 16 Plus
・iPhone 16 Pro
・iPhone 16 Pro Max
・iPhone 15
・iPhone 15 Plus
・iPhone 15 Pro
・iPhone 15 Pro Max
・iPhone 14
・iPhone 14 Plus
・iPhone 14 Pro
・iPhone 14 Pro Max
・iPhone 13
・iPhone 13 mini
・iPhone 13 Pro
・iPhone 13 Pro Max
・iPhone 12
・iPhone 12 mini
・iPhone 12 Pro
・iPhone 12 Pro Max
・iPhone 11
・iPhone 11 Pro
・iPhone 11 Pro Max
・iPhone XS
・iPhone XS Max
・iPhone XR
・iPhone SE（第2世代）
・iPhone SE（第3世代）

＜iPadOS 18対応製品＞
・iPad（第7世代）
・iPad（第8世代）
・iPad（第9世代）
・iPad（第10世代）
・iPad（A16）
・iPad mini（第5世代）
・iPad mini（第6世代）
・iPad mini（A17 Pro）
・iPad Air（第3世代）
・iPad Air（第4世代）
・iPad Air（第5世代）
・11インチiPad Air（M2）
・11インチiPad Air（M3）
・13インチiPad Air（M2）
・13インチiPad Air（M3）
・12.9インチiPad Pro（第3世代）
・12.9インチiPad Pro（第4世代）
・12.9インチiPad Pro（第5世代）
・12.9インチiPad Pro（第6世代）
・13インチiPad Pro（M4）
・11インチiPad Pro（第1世代）
・11インチiPad Pro（第2世代）
・11インチiPad Pro（第3世代）
・11インチiPad Pro（第4世代）
・11インチiPad Pro（M4）

更新は従来通り各製品本体のみでOTA（On-The-Air）によりダウンロードで行え、方法としては、「設定」→「一般」→「ソフトウェア・アップデート」から行え、単体でアップデートする場合のダウンロードサイズは手持ちのiPhone 15 Pro MaxでiOS 18.5からだと1.07GBとなっています。またiTunesをインストールしたWindowsおよびMacとUSB-Lightningケーブルで接続しても実施できます。なお、Appleが案内しているアップデートの内容およびセキュリティーコンテンツの修正は以下の通り。

iOS 18.6
このアップデートには重要なバグ修正とセキュリティアップデートが含まれ、“写真”でメモリームービーの共有ができない可能性がある問題が修正されます。

Appleソフトウェアアップデートのセキュリティコンテンツについては、以下をご覧ください: https://support.apple.com/ja-jp/100100

iPadOS 18.6
このアップデートには、以下の機能強化とバグ修正も含まれます:

・新しいプライドハーモニーの壁紙
・お子様のデバイスでスクリーンタイムパスコードが使用されると、親/保護者に通知が届くようになりました
・他社製デバイス上のApple TVアプリでコンテンツを購入するときに、“iPadで購入”を使用できます

一部の機能は、地域やAppleデバイスによっては使用できません。Appleソフトウェアアップデートのセキュリティコンテンツについては、以下をご覧ください: https://support.apple.com/ja-jp/100100

iOS 18.6 and iPadOS 18.6
Released July 29, 2025

- Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Passcode may be read aloud by VoiceOver
Description: A logic issue was addressed with improved checks.
CVE-2025-31229: Wong Wee Xiang

- Accessibility
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Privacy Indicators for microphone or camera access may not be correctly displayed
Description: The issue was addressed by adding additional logic.
CVE-2025-43217: Himanshu Bharti (@Xpl0itme)

- afclip
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Parsing a file may lead to an unexpected app termination
Description: The issue was addressed with improved memory handling.
CVE-2025-43186: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

- CFNetwork
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A non-privileged user may be able to modify restricted network settings
Description: A denial-of-service issue was addressed with improved input validation.
CVE-2025-43223: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs

- CoreAudio
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted audio file may lead to memory corruption
Description: The issue was addressed with improved memory handling.
CVE-2025-43277: Google's Threat Analysis Group

- CoreMedia
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2025-43210: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

- CoreMedia Playback
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with additional permissions checks.
CVE-2025-43230: Chi Yuan Chang of ZUSO ART and taikosoup

- ICU
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2025-43209: Gary Kwong working with Trend Micro Zero Day Initiative

- ImageIO
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted image may result in disclosure of process memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2025-43226

- libnetcore
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing a file may lead to memory corruption
Description: This issue was addressed with improved memory handling.
CVE-2025-43202: Brian Carpenter

- libxml2
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing a file may lead to memory corruption
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-7425: Sergei Glazunov of Google Project Zero

- libxslt
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to memory corruption
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-7424: Ivan Fratric of Google Project Zero

- Mail Drafts
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Remote content may be loaded even when the 'Load Remote Images' setting is turned off
Description: This issue was addressed through improved state management.
CVE-2025-31276: Himanshu Bharti (@Xpl0itme)

- Metal
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted texture may lead to unexpected app termination
Description: Multiple memory corruption issues were addressed with improved input validation.
CVE-2025-43234: Vlad Stolyarov of Google's Threat Analysis Group

- Model I/O
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2025-43224: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
CVE-2025-43221: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

- Model I/O
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: An input validation issue was addressed with improved memory handling.
CVE-2025-31281: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved UI.
WebKit Bugzilla: 294374
CVE-2025-43228: Jaydev Ahire

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may disclose sensitive user information
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 292888
CVE-2025-43227: Gilad Moav

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to memory corruption
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 291742
CVE-2025-31278: Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei
WebKit Bugzilla: 291745
CVE-2025-31277: Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei
WebKit Bugzilla: 293579
CVE-2025-31273: Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 292599
CVE-2025-43214: shandikri working with Trend Micro Zero Day Initiative, Google V8 Security Team
WebKit Bugzilla: 292621
CVE-2025-43213: Google V8 Security Team
WebKit Bugzilla: 293197
CVE-2025-43212: Nan Wang (@eternalsakura13) and Ziling Chen

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 293730
CVE-2025-43211: Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may disclose internal states of the app
Description: An out-of-bounds read was addressed with improved input validation.
WebKit Bugzilla: 294182
CVE-2025-43265: HexRabbit (@h3xr4bb1t) from DEVCORE Research Team

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 295382
CVE-2025-43216: Ignacio Sanmillan (@ulexec)

- WebKit
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
WebKit Bugzilla: 296459
CVE-2025-6558: Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group

Additional recognition
- Accessibility
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from C-DAC Thiruvananthapuram India, Hamza BHP, Himanshu Bharti (@Xpl0itme) for their assistance.

- Activation Lock
We would like to acknowledge salemdomain for their assistance.

- Bluetooth
We would like to acknowledge LIdong LI, Xiao Wang, Shao Dong Chen, and Chao Tan of Source Guard for their assistance.

- CoreAudio
We would like to acknowledge Noah Weinberg for their assistance.

- Device Management
We would like to acknowledge Al Karak for their assistance.

- libxml2
We would like to acknowledge Sergei Glazunov of Google Project Zero for their assistance.

- libxslt
We would like to acknowledge Ivan Fratric of Google Project Zero for their assistance.

- Managed Configuration
We would like to acknowledge Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School for their assistance.

- Photos
We would like to acknowledge an anonymous researcher for their assistance.

- Safari
We would like to acknowledge Ameen Basha M K for their assistance.

- Shortcuts
We would like to acknowledge Dennis Kniep for their assistance.

- Siri
We would like to acknowledge Timo Hetzel for their assistance.

- WebKit
We would like to acknowledge Google V8 Security Team, Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei, rheza (@ginggilBesel) for their assistance.

■関連リンク
・エスマックス（S-MAX）
・エスマックス（S-MAX） smaxjp on Twitter
・S-MAX - Facebookページ
・iOS 18 関連記事一覧 - S-MAX
・iPadOS 18 関連記事一覧 - S-MAX
・iOS 18 のアップデートについて - Apple サポート (日本)
・iPadOS 18 のアップデートについて - Apple サポート (日本)
・iOS 18.6 および iPadOS 18.6 のセキュリティコンテンツについて - Apple サポート (日本)
・Apple セキュリティアップデート - Apple サポート