Reminder: You really need to update your Apple devices this weekend

Macworld

We know it’s Friday, but we have one more thing for your to-do list: Update your Apple devices. Apple on Monday released a slew of updates for devices new and old, and even if you’re not getting any new features, there are tons of security patches waiting to make your systems safer.

In all, Apple shipped nine OS updates and one update to GarageBand. The most pressing issue is a zero-day flaw in CoreMedia that has been exploited in the wild. The issue, which was patched in iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, and visionOS 2.3, could allow a malicious app to access “privileged parts of the system.”

But while that’s the most immediate threat to your device, it’s not the only reason to go mash that Update button. In all, there are dozens of security fixes to patch vulnerabilities across all corners of the system. Here are just some of the important security updates waiting for your device:

AirPlay

Available for: iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, visionOS 2.3

Impact: An attacker in a privileged position may be able to perform a denial-of-service

Description: The issue was addressed with improved memory handling.

CVE-2025-24131: Uri Katz (Oligo Security)

Kernel

Available for: iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3

Impact: A malicious app may be able to gain root privileges

Description: A permissions issue was addressed with additional restrictions.

CVE-2025-24107: an anonymous researcher

LaunchServices

Available for: iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, visionOS 2.3

Impact: An app may be able to fingerprint the user

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2025-24117: Michael (Biscuit) Thomas (@biscuit@social.lol)

SceneKit

Available for: iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, watchOS 11.3, tvOS 18.3, visionOS 2.3

Impact: Parsing a file may lead to disclosure of user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2025-24149: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

WebKit

Available for: iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, watchOS 11.3, tvOS 18.3, visionOS 2.3

Impact: Processing web content may lead to a denial-of-service

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 283889

CVE-2025-24158: Q1IQ (@q1iqF) of NUS CuriOSity and P1umer (@p1umer) of Imperial Global Singapore

WebKit

Available for: iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, watchOS 11.3, tvOS 18.3, visionOS 2.3

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: This issue was addressed through improved state management.

WebKit Bugzilla: 284159

CVE-2025-24162: linjy of HKUS3Lab and chluo of WHUSecLab

To update your devices, open the Settings app (or System Settings on a Mac), then General and Software Update.