Install iOS 18.5 on your iPhone to get patches for more than thirty security vulnerabilities in Notes, FaceTime, Phone, iCloud document sharing and more.
Apple released iOS 18.5 alongside other updates on Monday, May 12, 2025. The updates bring several new features, like Mail changes, new wallpapers and a new Screen Time password notification. Even if you don’t care about any of this stuff, you should install iOS 18.5, iPadOS 18.5, macOS Sequoia 15.5, watchOS 11.5 and other updates to get the latest security patches.
Apple’s security page lists more than thirty patches for vulnerabilities discovered in iOS 18.5 and other operating systems, including the very first fix for the Apple C1 modem in the iPhone 16e, where an attacker could intercept network traffic.
iOS 18.5 patches 30+ security vulnerabilities
iOS 18.5 brings security patches for AppleJPEG, Baseband, Call History, Core Bluetooth, CoreAudio, CoreGraphics, CoreMedia, FaceTime, FrontBoard, iCloud Document Sharing, ImageIO, Kernel, libexpat, Mail Addressing, mDNSResponder, Notes, Pro Res, Security and WebKit.
The iCloud Document Sharing bug seems dangerous. “An attacker may be able to turn on sharing of an iCloud folder without authentication,” Apple notes. It was patched with additional entitlement checks. iOS 18.5 also squishes a bug where call history from deleted apps may still appear in Spotlight search results.
A bug in the Notes app could allow an attacker with physical access to your device to read your notes from the Lock Screen and even access a deleted call recording. On the Mac, the Hot Corners feature may unexpectedly reveal your deleted notes.
Your iCloud Keychain passwords were compromised
macOS also suffered from a particularly nasty-sounding vulnerability where an app “may be able to access associated usernames and websites” stored in your iCloud Keychain. Apple attributed this to “a logging issue” that it says was addressed with improved data redaction. There was even a bug in the Mac’s built-in Weather app that may allow a malicious app to read sensitive location information.
In the Mail app, there was an injection issue where processing an email could lead to user interface spoofing, addressed with improved input validation. FaceTime suffered from a bug where muting the microphone during a call may not result in audio being silenced. This has been fixed through improved state management.
A critical fix for the Apple Watch
If you use the Apple Watch, be sure to install watchOS 11.5 to protect yourself from a zero-day vulnerability where processing an audio stream in a maliciously crafted media file may result in code execution. This one has been exploited in the wild. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1,” reads the support document.
Update all your Apple devices
Apple’s software platforms share many of the same underpinnings, so these fixes are available across other updates. Do yourself a favor and go to Software Update to install over-the-air updates to get the latest protections for your devices. Apple has brought many of the same fixes to older iPhones, iPads and Macs with the iPadOS 17.7.7, macOS Sonoma 14.7.6 and macOS Ventura 13.7.6 updates.