 |
| AppleがiPhoneやiPadなど向けiOS 18.7.5とiPadOS 18.7.5をリリース! |
Appleは11日(現地時間)、iPhoneおよびiPod touch向けプラットフォーム「iOS」とiPad向けプラットフォーム「iPadOS」において前バージョン「iOS 18」や「iPadOS 18」の最新版「iOS 18.7.5(22H311)」および「iPadOS 18.7.5(22H311)」を提供開始したとお知らせしています。変更点はともに重要な脆弱性の修正が含まれているとされており、セキュリティアップデートについてはCVEに登録されているKernel関連の「CVE-2026-20671」などの37個の脆弱性が修正されているとのこと。同社ではこれらの脆弱性のうちのいくつかは積極的に悪用されている可能性があるという報告を認識しているとしています。
対象機種はiOS 18やiPadOS 18の対応機種となっており、すでにiPhoneについては最新のiOS 26に対応した製品についてはiOS 18.7.5へのソフトウェア更新を選べなくなっているため、iOS 26の対象機種ではないiPhone XSやiPhone XS Max、iPhone XR向けとなっているほか、iPadについてはiPadOS 26の対象外となるiPad(第7世代)のほか、iPadOS 26の対象機種のiPad(第8世代)以降やiPad mini(第5世代)以降、iPad Air(第3世代)以降、12.9インチiPad Pro(第3世代)以降、11インチiPad Pro(第1世代)以降となっています。
なお、同社では合わせてiPhoneやiPadなど向けに最新の「iOS 26.3」および「iPadOS 26.3」を提供開始しているほか、スマートウォッチ「Apple Watch」向け「watchOS 26.3」、パソコン「Mac」向け「macOS Tahoe 26.3」、セットトップボックス「Apple TV」向け「tv 26.3」、スマートヘッドセット「Apple Vision」向け「visionOS 26.3」なども配信開始しています。
Appleでは2021年に提供開始したiOS 15およびiPadOS 15から一定期間は次の最新バージョンに更新せずに既存のバージョンに留まる機能を提供しており、2025年9月に最新のiOS 26やiPadOS 26の正式版が配信開始されましたが、引き続いてしばらくiOS 18やiPadOS 18で使う場合を対象にセキュリティー修正のみを行ったソフトウェア更新を提供しており、今回、新たにiOS 18.7およびiPadOS 18.7の最新バージョンとなるiOS 18.7.5およびiPadOS 18.7.5が提供開始されました。
iOS 18やiPadOS 18の対象機種の場合には「設定」→「情報」→「ソフトウェア・アップデート」を表示すると、画面の下部に「その他の利用可能なアップデート」として「iOS 26にアップグレード」または「iPadOS 26にアップグレード」が表示されるのでそこからiOS 26やiPadOS 26に更新できるほか、iOS 18やiPadOS 18にアップグレードを選ばない場合にはiOS 18.7.5やiPadOS 18.7.5の更新画面で「ダウンロードしてインストール」を押せばiOS 18.7.5やiPadOS 18.7.5に更新されます。
なお、これまでのAppleの動きからするとしばらくはiOS 18やiPadOS 18へのセキュリティー修正が継続して提供されると思われます。なお、単体でアップデートする場合のダウンロードサイズは手持ちのiPhone XS MaxでiOS 18.7.3からの場合では425.9MBとなっています。更新は従来通りにiTunesをインストールしたWindowsおよびMacとUSB-Lightningケーブルで接続しても実施できます。Appleが案内しているアップデートの内容およびセキュリティー修正は以下の通り。
iOS 18.7.5
このアップデートには重要なセキュリティ修正が含まれ、すべてのユーザに推奨されます。
Appleソフトウェアアップデートのセキュリティコンテンツについては、以下のWebサイトをご覧ください: https://support.apple.com/100100
iPadOS 18.7.5
このアップデートには重要なセキュリティ修正が含まれ、すべてのユーザに推奨されます。
Appleソフトウェアアップデートのセキュリティコンテンツについては、以下のWebサイトをご覧ください: https://support.apple.com/100100
iOS 18.7.5 and iPadOS 18.7.5
Released February 11, 2026
- Accessibility
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An attacker with physical access to a locked device may be able to view sensitive user information
Description: An inconsistent user interface issue was addressed with improved state management.
CVE-2026-20645: Loh Boon Keat
- Books
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: Restoring a maliciously crafted backup file may lead to modification of protected system files
Description: A path handling issue was addressed with improved validation.
CVE-2025-43537: piffz, Daniel Nurkin, Sadman Adib, Mohamed Hamdadou & Mahran Alhazmi, Hichem Maloufi, Christian Mina, Gerson Aldaz, qwerty j0y & Ricardo Garcia, Dorian Del Valle
- CFNetwork
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: A remote user may be able to write arbitrary files
Description: A path handling issue was addressed with improved logic.
CVE-2026-20660: Amy (amys.website)
- CoreAudio
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2026-20611: Anonymous working with Trend Micro Zero Day Initiative
- CoreMedia
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents
Description: The issue was addressed with improved memory handling.
CVE-2026-20609: Yiğit Can YILMAZ (@yilmazcanyigit)
- ImageIO
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: Processing a maliciously crafted image may result in disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2026-20634: George Karchemsky (@gkarchemsky) working with Trend Micro Zero Day Initiative
- ImageIO
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: Processing a maliciously crafted image may lead to disclosure of user information
Description: The issue was addressed with improved bounds checks.
CVE-2026-20675: George Karchemsky (@gkarchemsky) working with Trend Micro Zero Day Initiative
- Kernel
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An attacker in a privileged network position may be able to intercept network traffic
Description: A logic issue was addressed with improved checks.
CVE-2026-20671: Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan, Srikanth V. Krishnamurthy, Mathy Vanhoef
- LaunchServices
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to enumerate a user's installed apps
Description: The issue was resolved by sanitizing logging.
CVE-2026-20663: Zhongcheng Li from IES Red Team
- libexpat
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: Processing a maliciously crafted file may lead to a denial-of-service
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-59375
- libnetcore
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An attacker in a privileged network position may be able to intercept network traffic
Description: A logic issue was addressed with improved checks.
CVE-2026-20671: Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan, Srikanth V. Krishnamurthy, Mathy Vanhoef
- Live Captions
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An attacker with physical access to a locked device may be able to view sensitive user information
Description: An authorization issue was addressed with improved state management.
CVE-2026-20655: Richard Hyunho Im (@richeeta) at Route Zero Security (routezero.security)
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: Turning off "Load remote content in messages” may not apply to all mail previews
Description: A logic issue was addressed with improved checks.
CVE-2026-20673: an anonymous researcher
- Messages
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: A shortcut may be able to bypass sandbox restrictions
Description: A race condition was addressed with improved handling of symbolic links.
CVE-2026-20677: Ron Masas of BreakPoint.SH
- Model I/O
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: Processing a maliciously crafted USD file may lead to unexpected app termination
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2026-20616: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
- Multi-Touch
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: A malicious HID device may cause an unexpected process crash
Description: The issue was addressed with improved bounds checks.
CVE-2025-43533: Google Threat Analysis Group
CVE-2025-46300: Google Threat Analysis Group
CVE-2025-46301: Google Threat Analysis Group
CVE-2025-46302: Google Threat Analysis Group
CVE-2025-46303: Google Threat Analysis Group
CVE-2025-46304: Google Threat Analysis Group
CVE-2025-46305: Google Threat Analysis Group
- Safari
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to access a user's Safari history
Description: A logic issue was addressed with improved validation.
CVE-2026-20656: Mickey Jin (@patch1t)
- Sandbox
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-20628: Noah Gregory (wts.dev)
- Sandbox Profiles
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state management.
CVE-2026-20678: Óscar García Pérez, Stanislav Jelezoglo
- Screenshots
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An attacker may be able to discover a user’s deleted notes
Description: A logic issue was addressed with improved state management.
CVE-2026-20682: Viktor Lord Härringtón
- Shortcuts
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2026-20653: Enis Maholli (enismaholli.com)
- Spotlight
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: A sandboxed app may be able to access sensitive user data
Description: The issue was addressed with additional restrictions on the observability of app states.
CVE-2026-20680: an anonymous researcher
- StoreKit
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to identify what other apps a user has installed
Description: A privacy issue was addressed with improved checks.
CVE-2026-20641: Gongyu Ma (@Mezone0)
- UIKit
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to bypass certain Privacy preferences
Description: This issue was addressed by removing the vulnerable code.
CVE-2026-20606: LeminLimez
- Voice Control
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to crash a system process
Description: The issue was addressed with improved memory handling.
CVE-2026-20605: @cloudlldb of @pixiepointsec
- VoiceOver
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An attacker with physical access to a locked device may be able to view sensitive user information
Description: An authorization issue was addressed with improved state management.
CVE-2026-20661: Dalibor Milanovic
- WebKit
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 303357
CVE-2026-20608: HanQing from TSDubhe and Nan Wang (@eternalsakura13)
- WebKit
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: A remote attacker may be able to cause a denial-of-service
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 303959
CVE-2026-20652: Nathaniel Oh (@calysteon)
- WebKit
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 303444
CVE-2026-20644: HanQing from TSDubhe and Nan Wang (@eternalsakura13)
WebKit Bugzilla: 304661
CVE-2026-20635: EntryHi
- Wi-Fi
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to cause unexpected system termination or corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2026-20621: Wang Yu of Cyberserval
記事執筆:memn0ck
■関連リンク
・エスマックス(S-MAX)
・エスマックス(S-MAX) smaxjp on Twitter
・S-MAX - Facebookページ
・iOS 17 関連記事一覧 - S-MAX
・iPadOS 17 関連記事一覧 - S-MAX
・iOS 18 のアップデートについて - Apple サポート (日本)
・iPadOS 18 のアップデートについて - Apple サポート (日本)
・iOS 18.7.5およびiPadOS 18.7.5のセキュリティコンテンツについて - Apple サポート (日本)
・Apple セキュリティアップデート - Apple サポート
