·  ·  · 

Apple Releases iOS 18.7.2 & iPadOS 18.7.2, Patches Zero-Day Exploit

November 6, 2025
by
Apple Releases iOS 18.7.2 & iPadOS 18.7.2, Patches Zero-Day Exploit

Apple has rolled out new software updates — iOS 18.7.2 for iPhones and iPadOS 18.7.2 for iPads — as an emergency measure to fix critical security vulnerabilities, including a potential zero-day exploit [1] [2]. Released on November 5, 2025, these updates deliver “important security fixes” and are recommended for all users still running iOS 18 on older devices [3] [4]. Apple is urging iPhone and iPad owners who haven’t upgraded to iOS 26 to install this update immediately to safeguard their devices from active threats.

Key Highlights

  • Emergency Security Update: Apple issued iOS 18.7.2 and iPadOS 18.7.2 as urgent patches to address critical security flaws, one of which is a zero-day vulnerability already exploited in the wild [5]. This underscores the importance of updating without delay.
  • Older Devices Supported: The update targets iPhones and iPads unable to run iOS 26, ensuring continued protection for models like iPhone XR, iPhone XS, and iPad (7th generation) [6]. Apple often provides such security updates for devices no longer eligible for the latest OS, so users aren’t left exposed [7].
  • No New Features – Just Fixes: iOS 18.7.2 does not introduce any new features or visual changes, focusing entirely on security improvements [8] [9]. Apple’s brief release notes state only that the update “provides important security fixes and is recommended for all users.” [10]
  • Multiple Vulnerabilities Patched: According to Apple’s security content, these patches address issues across a wide range of system components – from the App Store and Camera to Notes, Find My, Safari, WebKit and more [11]. The fixes remedy flaws that could allow apps to leak sensitive data, fingerprint users, or execute malicious code via crafted images or web content, among other potential exploits [12] [13].
  • Coordinated Release: This rollout coincides with Apple’s broader security push. At the same time, iOS 26.1 and iPadOS 26.1 for newer devices were released with similar fixes, alongside updates for macOS (Tahoe 26.1 and Sequoia 15.7.2), watchOS 26.1, and tvOS 26.1 [14]. Apple essentially backported many of iOS 26.1’s security improvements to iOS 18.7.2, so users who haven’t moved to iOS 26 can stay protected [15].

Critical Security Fixes for Older iPhones & iPads

Apple’s main focus is usually on its current-generation operating systems, but the company continues to support older iOS versions with vital patches when needed [16]. iOS 18.7.2 and iPadOS 18.7.2 are specifically aimed at devices that cannot upgrade to iOS 26, such as the iPhone XR, iPhone XS, and 7th-gen iPad [17]. These models, launched around 2018–2019, have been dropped from the latest OS compatibility list, yet Apple ensures they still receive critical fixes for known vulnerabilities. In Apple’s words, the update provides “important security fixes and is recommended for all users.” [18]

Notably, Apple frequently issues such updates for legacy devices after ending their official OS support, a practice meant to extend the safety net for older hardware [19]. By releasing iOS 18.7.2 now, Apple is addressing any serious security holes on those older iPhones and iPads, so users aren’t forced to choose between security and upgrading their device. If your iPhone or iPad is staying on iOS 18, Apple’s advice is clear: install this update as soon as possible.

Zero‑Day Exploit Patched & Vulnerabilities Addressed

This round of updates is classified as an “emergency” security release by experts because it squashes at least one critical zero-day exploit – meaning a security bug that was found being actively exploited by attackers before a fix was available [20]. Apple’s security advisory doesn’t detail the specifics in the release notes (as is customary to protect users until patches are widely installed), but independent reports indicate that one patched flaw could allow bad actors to hijack a device simply by tricking a user into opening a malicious image file [21] [22]. This type of vulnerability in the Image I/O framework was previously used in targeted attacks, prompting Apple to respond quickly with a fix [23].

Beyond that headline-grabbing exploit, iOS 18.7.2/iPadOS 18.7.2 includes a broad array of security patches. Apple’s updated security content page lists dozens of CVE-listed vulnerabilities now resolved in iOS 18.7.2 [24]. The issues span many system components, illustrating why Apple labeled the update as important for all users:

  • App Store: Fixed a permissions issue that could allow an app to fingerprint the user’s device or identify installed apps without consent [25] [26].
  • Camera: Closed a logic flaw where an app might glean information from the camera view before permission was granted [27].
  • Find My: Patched a privacy bug in the Find My service that could let an app access or “fingerprint” sensitive location data [28].
  • Notes: Removed vulnerable code in the Notes app that might have allowed unauthorized access to sensitive user data [29] [30].
  • Kernel: Addressed a kernel memory handling issue that could potentially be exploited to cause system crashes [31] [32].
  • Safari & WebKit: Fixed multiple WebKit browser engine flaws. For example, visiting malicious websites could lead to address bar spoofing or app crashes, and a WebKit bug that might let an app monitor keystrokes without permission was patched [33] [34].

These are just a few examples among many. In simpler terms, the update hardens your iPhone/iPad against a variety of attacks – whether it’s rogue apps trying to snoop on your data, or web-based exploits that could corrupt memory and compromise your device. By delivering the iOS 18.7.2 update, Apple effectively brings the security of these older devices up to par with the fixes that newer devices received in iOS 26.1 [35].

How to Update to iOS 18.7.2 / iPadOS 18.7.2

Updating your device is quick and ensures you’re protected. Follow these steps to install iOS 18.7.2 (or iPadOS 18.7.2) on your device:

  1. Back Up (Recommended): Before updating, it’s wise to perform a backup via iCloud or your computer, to safeguard your data [36].
  2. Open Settings: On your iPhone or iPad, go to the Settings app.
  3. Navigate to General > Software Update: In Settings, tap General, then select Software Update.
  4. Download iOS 18.7.2: Look for the iOS 18.7.2 (or iPadOS 18.7.2) update in the list. Tap “Download and Install” (or “Update Now”) to begin the installation [37]. If your device is eligible for iOS 26 but you prefer to stay on iOS 18, make sure to select the 18.7.2 update specifically – take care not to accidentally upgrade to iOS 26 if that’s not desired [38].
  5. Restart to Install: After the download completes, follow the prompts. Your device will reboot to apply the update.

Once restarted, you can confirm the installation by checking Settings > General > About, where the version should show iOS 18.7.2 (or iPadOS 18.7.2). The entire process only takes a few minutes, and it will patch the vulnerabilities described above. Apple notes that the update is “recommended for all users,” so it’s prudent not to delay [39].

No New Features, Just Essential Fixes

Users should not expect any new emojis, UI changes, or fancy features in iOS 18.7.2 – and that’s by design. This release is a pure security patch. Apple kept the release notes minimal, emphasizing only the importance of the security content [40]. As AppleInsider reports, such updates “don’t tend to include new features” but instead focus on behind-the-scenes protections and occasionally compatibility updates for newer hardware [41]. The priority here is stability and safety over new functionality.

For iPhone and iPad owners who have been holding off on upgrading to iOS 26, iOS 18.7.2 ensures they aren’t left vulnerable. In fact, 9to5Mac points out that this update brings many of the same fixes from iOS 26.1 over to iOS 18 [42]. So, while you won’t see anything visibly different after updating, under the hood your device will be much more secure.

Bottom Line: Update Now for Security

If your device is eligible for this update, install iOS 18.7.2 / iPadOS 18.7.2 as soon as possible. Cybersecurity threats can escalate quickly once vulnerabilities become public knowledge, and even if a flaw is only exploited in targeted attacks, it’s wise for all users to patch it. Apple’s swift move to push these fixes underscores how critical they are – the company rarely issues out-of-cycle “point” updates unless the risks are significant.

By updating, you ensure that your iPhone or iPad has the latest defenses against known exploits. In the past year alone, Apple has patched multiple zero-day vulnerabilities used by spyware and other malicious actors [43]. Staying on the latest security update is the best way to keep your personal data and device safe. As Apple’s release notes state, this update is “recommended for all users” [44] – a clear call that everyone running iOS 18 should take advantage of this critical patch. In short: don’t wait, update now, and keep your older Apple devices secure.

iPadOS 26: Ready for Laptop Duty?
Watch this video on YouTube.

References

1. 9to5mac.com, 2. www.itpro.com, 3. 9to5mac.com, 4. appleinsider.com, 5. www.itpro.com, 6. appleinsider.com, 7. appleinsider.com, 8. osxdaily.com, 9. appleinsider.com, 10. appleinsider.com, 11. 9to5mac.com, 12. www.theregister.com, 13. www.theregister.com, 14. osxdaily.com, 15. 9to5mac.com, 16. appleinsider.com, 17. appleinsider.com, 18. appleinsider.com, 19. appleinsider.com, 20. www.itpro.com, 21. www.theregister.com, 22. www.theregister.com, 23. www.theregister.com, 24. 9to5mac.com, 25. support.apple.com, 26. support.apple.com, 27. support.apple.com, 28. support.apple.com, 29. support.apple.com, 30. support.apple.com, 31. support.apple.com, 32. support.apple.com, 33. support.apple.com, 34. support.apple.com, 35. 9to5mac.com, 36. osxdaily.com, 37. appleinsider.com, 38. osxdaily.com, 39. appleinsider.com, 40. 9to5mac.com, 41. appleinsider.com, 42. 9to5mac.com, 43. www.theregister.com, 44. appleinsider.com

Mateusz Brzeziński

Technology News

  • Quantum Readiness for Federal Agencies: Practical Steps for Hybrid Classical-Quantum Workflows
    November 7, 2025, 10:04 PM EST. Two leaders from General Dynamics Information Technology and IonQ outline a practical path to quantum readiness for federal agencies. The discussion highlights four core steps: map and mobilize data to uncover usable quantum-ready assets; simulate often - even without hardware to validate ideas and de-risk deployments; build hybrid workflows that blend classical + quantum processing; and push vendors to solve real government problems. By focusing on data strategy, iterative testing, and vendor collaboration, agencies can move from theory to action, accelerate pilots, and mature quantum capabilities in a controlled, mission-centric way. Watch the full discussion for concrete guidance and examples.
  • XPENG's IRON humanoid robot wows with lifelike motion, even cut open on stage to prove it's real
    November 7, 2025, 10:02 PM EST. XPENG unveiled IRON, a humanoid robot with lifelike movement at AI Day in Guangzhou. The robot uses a flexible spine, articulated joints and bionic muscles to move with a model-like swagger. Its onboard architecture combines a born-from-within design and an all-solid-state battery. With 82 degrees of freedom (including 22 in each hand) and three custom AI chips delivering about 2,250 TOPS of compute, IRON aims for humanlike interaction without translating vision to language first. The machine features an internal endoskeleton and full-coverage skin to feel warmer and more intimate, and Xpeng envisions customizable options like sex, hair length, and clothing. IRON is slated for mass production, though chores are not on the near-term roadmap due to safety and usability concerns.
  • DJI Mic Mini Bundle Slashed to $74 on Amazon, Beating Budget No-Name Alternatives
    November 7, 2025, 9:56 PM EST. For videographers and podcasters, audio quality is king. The DJI Mic Mini is on sale at Amazon, dropping to $74 (38% off) for a limited time. The bundle includes two transmitters and one receiver, ideal for duo productions. At only 10 grams per mic, it's lightweight and unobtrusive, while the built-in noise cancelling modes-from Basic to Strong-keep chatter clean. It touts a 400 m range and up to 10 hours of battery life, suitable for a full workday of shoots. This deal undercuts many budget no-name options, but it won't last long-snag the DJI Mic Mini while the price holds.
  • Halo Infinite's Last Major Update as Studio Shifts Focus to Multiple Halo Titles
    November 7, 2025, 9:54 PM EST. Halo Infinite is getting its last major content update this month as the team shifts focus to multiple Halo titles in development. The new update, Operation: Infinite, arrives November 18 with a battle pass and new cosmetics, but signals that no additional large updates are planned for Infinite. The game will move into maintenance mode while continuing general support. Looking ahead, Campaign Evolved is planned for release on PS5 and Xbox next year, underscoring a cross-platform Halo strategy as Microsoft recalibrates its lineup.
  • YouTube Outage in California: What Happened and How to Check Updates
    November 7, 2025, 9:52 PM EST. An outage affected YouTube, YouTube Music, and YouTube TV on Oct. 15, with hundreds of thousands reporting issues in California and beyond. Around 5 p.m. PT, YouTube said it was investigating the problem and that content should play normally again about 30 minutes later, though the cause wasn't disclosed. Downdetector logged more than 800,000 reports within an hour. Users noticed some ads still played even when videos failed to load. YouTube advised users to visit the YouTube Help page or post to the YouTube Help site for updates, and said updates would also appear on Team YouTube on X. The company has not provided a formal explanation yet.