CVE-2025-30436
📋 TL;DR
This vulnerability allows attackers to use Siri voice commands on locked iOS/iPadOS devices to enable Auto-Answer Calls, potentially allowing unauthorized call interception. It affects Apple iOS and iPadOS users with devices that support Siri and are running vulnerable versions. The issue requires physical access or proximity to the locked device.
💻 Affected Systems
- iPhone
- iPad
📦 What is this software?
iOS and iPadOS by Apple (the Siri assistant on iPhone and iPad)
⚠️ Risk & Real-World Impact
Worst Case
Attacker enables auto-answer calls on victim's device, intercepting sensitive phone conversations without victim's knowledge, potentially capturing confidential business or personal information.
Likely Case
Unauthorized call interception in scenarios where attackers have brief physical access to locked devices, such as in shared workspaces or public charging stations.
If Mitigated
Limited impact if devices are kept in secure locations, auto-answer is already disabled, or devices are updated to patched versions.
🎯 Exploit Status
Exploitation requires physical proximity: the attacker must hold the locked device or be close enough to speak Siri commands to it. There is no remote or network vector.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iOS 18.4, iPadOS 18.4
Vendor Advisory: https://support.apple.com/en-us/122371
Restart Required: Yes
Instructions:
1. Open the Settings app.
2. Tap General.
3. Tap Software Update.
4. Download and install iOS 18.4 / iPadOS 18.4.
5. Restart the device when prompted.
🔧 Temporary Workarounds
Disable Siri on Lock Screen
Prevents Siri from being activated while the device is locked, which removes the only way to reach the vulnerable path without the passcode
Settings > Face ID & Passcode (or Touch ID & Passcode) > Allow Access When Locked > turn off Siri
Disable Auto-Answer Calls
Turns the feature off; note that this only resets the setting, the attacker can still use Siri to turn it back on if Siri remains reachable from the lock screen
Settings > Accessibility > Touch > Call Audio Routing > turn off Auto-Answer Calls
🧯 If You Can't Patch
- Disable Siri on lock screen via device settings
- Disable Auto-Answer Calls feature in accessibility settings
- Implement physical security controls to prevent unauthorized device access
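For a managed fleet, the "disable Siri on the lock screen" workaround can be enforced from MDM rather than by hand on each device. The following is an added example, not code from Apple or from this advisory: it builds a Restrictions configuration profile that sets `allowAssistantWhileLocked` to false (the documented key in Apple's `com.apple.applicationaccess` payload) and includes an audit helper that checks whether a given profile actually carries that setting. The organisation identifier and display names are placeholders.

```python
"""Added example (not Apple's or the page's code): build an MDM restriction
profile that enforces the "Disable Siri on Lock Screen" workaround fleet-wide.
`allowAssistantWhileLocked` is the documented key in Apple's Restrictions
payload (com.apple.applicationaccess); the identifiers and display names
below are placeholders chosen for illustration."""
import plistlib
import uuid

RESTRICTIONS_PAYLOAD_TYPE = "com.apple.applicationaccess"


def build_siri_lock_restriction_profile(org_id: str = "com.example.mdm") -> bytes:
    """Return a .mobileconfig (XML plist) that blocks Siri while the device is locked.

    org_id is a placeholder reverse-DNS prefix for the payload identifiers.
    """
    restrictions = {
        "PayloadType": RESTRICTIONS_PAYLOAD_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.restrictions.siri-locked",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Block Siri on the lock screen",
        # The one setting that matters for CVE-2025-30436: Siri cannot be
        # invoked until the device has been unlocked.
        "allowAssistantWhileLocked": False,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.profile.siri-locked",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "CVE-2025-30436 interim mitigation",
        "PayloadContent": [restrictions],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def profile_blocks_siri_when_locked(profile_bytes: bytes) -> bool:
    """Audit helper: True only if some Restrictions payload in the profile
    explicitly sets allowAssistantWhileLocked to False. A profile that omits
    the key leaves Apple's default (Siri allowed when locked) in place, so it
    is reported as not blocking."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_PAYLOAD_TYPE:
            continue
        if payload.get("allowAssistantWhileLocked") is False:
            return True
    return False


if __name__ == "__main__":
    data = build_siri_lock_restriction_profile()
    print(data.decode())
    print("blocks Siri when locked:", profile_blocks_siri_when_locked(data))
```

The audit helper treats a missing key as "not mitigated" on purpose: Apple's default for this restriction is permissive, so a profile that merely exists does not prove the workaround is in force.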
🔍 How to Verify
Check if Vulnerable:
The device is vulnerable if it runs iOS/iPadOS earlier than 18.4 and Siri is reachable from the lock screen (Settings > Face ID & Passcode > Allow Access When Locked > Siri is on). Also inspect Settings > Accessibility > Touch > Call Audio Routing > Auto-Answer Calls: an enabled toggle the user did not set is a sign the issue has already been used against the device.
Check Version:
Settings > General > About > Version
Verify Fix Applied:
Verify device shows iOS/iPadOS 18.4 or later in Settings > General > About > Version
📡 Detection & Monitoring
Log Indicators:
- iOS does not export Siri activations or Accessibility setting changes to a SIEM. What is observable centrally is MDM/UEM inventory data: the installed iOS/iPadOS version and whether a Siri-while-locked restriction is enforced.
- On the device itself, the direct indicator of abuse is an Auto-Answer Calls toggle (Settings > Accessibility > Touch > Call Audio Routing) that the user did not enable.
Call Record Indicators (carrier or corporate telephony records, not device logs):
- Calls to the device that were answered while the user reports not having answered
- Calls answered after a consistent short delay, matching the Auto-Answer delay setting
SIEM Query (illustrative pseudo-query over an MDM/UEM inventory feed; iOS emits no "auto_answer_enabled" event, so the field names stand in for whatever your feed provides, and the version test must be a numeric comparison rather than a string compare, otherwise "18.10" sorts before "18.4"):
device.os.version < 18.4 AND device.restrictions.allowAssistantWhileLocked != false
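The version comparison is where this kind of query usually goes wrong, so here is the same check as runnable code. This is an added example, not from the advisory or from Apple: it classifies rows of a constructed MDM inventory export into patched, unpatched-but-mitigated, and exposed devices. The row field names (`device_id`, `os_version`, `siri_allowed_when_locked`) are assumptions about what an export would contain, and the sample rows are invented.

```python
"""Added example (not from the page or Apple): decide which devices in an MDM
inventory export are still exposed to CVE-2025-30436. The inventory rows are
constructed sample data and the field names are assumptions about whatever
your MDM/UEM actually exports."""
from __future__ import annotations

PATCHED_VERSION = (18, 4)  # iOS 18.4 / iPadOS 18.4 carry the fix


def parse_version(text: str) -> tuple[int, ...]:
    """'18.3.2' -> (18, 3, 2). Tuples compare numerically component by
    component, which is exactly what a plain string compare gets wrong
    ('18.10' < '18.4' is True as strings)."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable OS version: {text!r}")
    return tuple(int(p) for p in parts)


def is_unpatched(os_version: str) -> bool:
    """True if the installed build predates the 18.4 fix."""
    return parse_version(os_version) < PATCHED_VERSION


def classify_devices(inventory: list[dict]) -> dict[str, list[str]]:
    """Bucket device IDs by residual exposure.

    exposed            : unpatched AND Siri reachable from the lock screen
    unpatched_mitigated: unpatched, but Siri is blocked while locked
    patched            : 18.4 or later
    """
    buckets: dict[str, list[str]] = {"exposed": [], "unpatched_mitigated": [], "patched": []}
    for row in inventory:
        if not is_unpatched(row["os_version"]):
            buckets["patched"].append(row["device_id"])
        # Unknown lock-screen state is treated as exposed: Apple's default
        # allows Siri while locked, so absence of data is not a mitigation.
        elif row.get("siri_allowed_when_locked", True):
            buckets["exposed"].append(row["device_id"])
        else:
            buckets["unpatched_mitigated"].append(row["device_id"])
    return buckets


# Constructed sample inventory (not real devices). "18.10" is a hypothetical
# build included only to show why string comparison of versions is unsafe.
SAMPLE_INVENTORY = [
    {"device_id": "iphone-001", "os_version": "18.3.2", "siri_allowed_when_locked": True},
    {"device_id": "iphone-002", "os_version": "18.3.2", "siri_allowed_when_locked": False},
    {"device_id": "ipad-003", "os_version": "18.4", "siri_allowed_when_locked": True},
    {"device_id": "iphone-004", "os_version": "18.10", "siri_allowed_when_locked": True},
    {"device_id": "ipad-005", "os_version": "17.7.2"},  # lock-screen state unknown
]

if __name__ == "__main__":
    for bucket, ids in classify_devices(SAMPLE_INVENTORY).items():
        print(f"{bucket:20s} {ids}")
```

Devices that land in `unpatched_mitigated` still need the update; the bucket only says the lock-screen path is closed, and a user can re-enable Siri on the lock screen unless MDM enforces the restriction.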