CVE-2025-31225
📋 TL;DR
This CVE describes a privacy vulnerability where call history from deleted apps may still appear in Spotlight search results on iOS/iPadOS devices. This affects users who have deleted calling apps but whose call data remains accessible through system search. The issue allows unauthorized access to private call information.
💻 Affected Systems
- iOS
- iPadOS
📦 What is this software?
iPadOS by Apple
⚠️ Risk & Real-World Impact
Worst Case
An attacker with physical access to the device could retrieve sensitive call history data from deleted applications, potentially exposing private communications, contacts, and relationship patterns.
Likely Case
Unauthorized users (family members, colleagues, or anyone with device access) could discover private call history that users believed was deleted when they removed the calling app.
If Mitigated
With proper device access controls (passcodes, biometrics) and user awareness, the risk is limited to people who are authorized to use the device but shouldn't have access to this specific data.
🎯 Exploit Status
Exploitation requires physical access to the device or authorized user access. Exploiting the vulnerability amounts to viewing Spotlight search results.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iOS 18.5 and iPadOS 18.5
Vendor Advisory: https://support.apple.com/en-us/122404
Restart Required: Yes
Instructions:
1. Open the Settings app.
2. Tap General.
3. Tap Software Update.
4. Download and install the iOS 18.5/iPadOS 18.5 update.
5. The device will restart automatically.
🔧 Temporary Workarounds
Disable Spotlight Search for Call History
Prevent Spotlight from indexing and displaying call history results
Settings > Siri & Search > [App Name] > Turn off 'Show App in Search' and 'Show Content in Search'
Clear Spotlight Search Index
Force Spotlight to rebuild its search index
Settings > General > Transfer or Reset iPhone > Reset > Reset Home Screen Layout
🧯 If You Can't Patch
- Enable strong device passcode/biometric authentication to limit physical access
- Regularly clear Spotlight search history and disable call history indexing for sensitive apps
🔍 How to Verify
Check if Vulnerable:
Check whether the device is running an iOS/iPadOS version earlier than 18.5 in Settings > General > About > Software Version
Check Version:
Settings > General > About > Software Version
Verify Fix Applied:
Confirm the device shows iOS 18.5 or iPadOS 18.5 in Settings > General > About > Software Version
📡 Detection & Monitoring
Log Indicators:
- No specific log indicators - this is a privacy/data persistence issue
Network Indicators:
- No network indicators - local device issue only
SIEM Query:
Not applicable - local device privacy issue