Most Apple users are thinking about iOS 26 right now, which makes sense, as it’s the exciting new toy coming to devices around the world.
However, while you’re waiting, you should definitely not skip the recently released iOS 18.6, as it addresses a total of 24 critical security flaws that are essential for keeping your phone safe and secure, as outlined on Apple’s support site.
If you’re under the impression that you can ignore this iOS version until the big release, it’s time to reconsider that stance and update your phone.
iOS 18.6 — what are the security fixes?
Some of these security fixes are minor, while others are much more significant.
Either way, they’re all worth downloading iOS 18.6 to your device. One fixed vulnerability could allow an app to access user-sensitive data. Another could cause a passcode to be read aloud by VoiceOver. There’s even the potential for address bar spoofing — scary stuff.
Here’s the complete list of patched vulnerabilities, the systems impacted and the CVE code:
- Passcode may be read aloud by VoiceOver in Accessibility (CVE-2025-31229)
- Privacy Indicators for microphone or camera access may not be correctly displayed in Accessibility (CVE-2025-43217)
- Parsing a file may lead to an unexpected app termination in afclip (CVE-2025-43186)
- A non-privileged user may be able to modify restricted network settings in CFNetwork (CVE-2025-43223)
- Processing a maliciously crafted audio file may lead to memory corruption in CoreAudio (CVE-2025-43277)
- Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory in CoreMedia (CVE-2025-43210)
- An app may be able to access user-sensitive data in CoreMedia Playback (CVE-2025-43230)
- Processing maliciously crafted web content may lead to an unexpected Safari crash in ICU (CVE-2025-43209)
- Processing a maliciously crafted image may result in disclosure of process memory in ImageIO (CVE-2025-43226)
- Processing a file may lead to memory corruption in libnetcore (CVE-2025-43202)
- Processing a file may lead to memory corruption in libxml2 (CVE-2025-7425)
- Processing maliciously crafted web content may lead to memory corruption in libxslt (CVE-2025-7424)
- Remote content may be loaded even when the ‘Load Remote Images’ setting is turned off in Mail Drafts (CVE-2025-31276)
- Processing a maliciously crafted texture may lead to unexpected app termination in Metal (CVE-2025-43234)
- Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory in Model I/O (CVE-2025-43224 and CVE-2025-43221)
- Processing a maliciously crafted file may lead to unexpected app termination in Model I/O (CVE-2025-31281)
- Visiting a malicious website may lead to address bar spoofing in WebKit (CVE-2025-43228)
- Processing maliciously crafted web content may disclose sensitive user information in WebKit (CVE-2025-43227)
- Processing maliciously crafted web content may lead to memory corruption in WebKit (CVE-2025-31278, CVE-2025-31277 and CVE-2025-31273)
- Processing maliciously crafted web content may lead to an unexpected Safari crash in WebKit (CVE-2025-43214, CVE-2025-43213 and CVE-2025-43212)
- Processing web content may lead to a denial-of-service in WebKit (CVE-2025-43211)
- Processing maliciously crafted web content may disclose internal states of the app in WebKit (CVE-2025-43265)
- Processing maliciously crafted web content may lead to an unexpected Safari crash in WebKit (CVE-2025-43216)
- Processing maliciously crafted web content may lead to an unexpected Safari crash in WebKit (CVE-2025-6558)
There are some serious issues listed above, and given how easy it is to update your phone to the latest version of iOS, it’s absolutely worth taking a little time to ensure you’re protected from all the issues outlined above.
