CVE-2025-43495
📋 TL;DR
This vulnerability allows malicious iOS/iPadOS apps to monitor keystrokes without user permission, potentially capturing sensitive input like passwords and messages. It affects users running vulnerable versions of iOS and iPadOS who install untrusted apps.
💻 Affected Systems
- iOS
- iPadOS
📦 What is this software?
iPadOS by Apple
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of all keyboard input including passwords, financial data, personal messages, and authentication credentials across all apps on the device.
Likely Case
Targeted surveillance of specific apps to capture login credentials, personal communications, or sensitive business information.
If Mitigated
Limited impact if only trusted apps from the App Store are installed and the device is kept updated.
🎯 Exploit Status
Exploitation requires the user to install a malicious app, which could be disguised as legitimate software. No public exploit details are available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iOS 18.7.2, iPadOS 18.7.2, iOS 26.1, iPadOS 26.1
Vendor Advisory: https://support.apple.com/en-us/125632
Restart Required: Yes
Instructions:
1. Open the Settings app.
2. Tap General.
3. Tap Software Update.
4. Download and install the available update.
5. The device will restart automatically.
🔧 Temporary Workarounds
Restrict App Sources
Only install apps from the official App Store and avoid sideloading or enterprise-signed apps from untrusted sources.
Review App Permissions
Regularly review and revoke unnecessary app permissions, especially keyboard/input-related permissions.
🧯 If You Can't Patch
- Implement mobile device management (MDM) to restrict app installation to approved sources only
- Deploy endpoint detection and response (EDR) solutions to monitor for suspicious app behavior
🔍 How to Verify
Check if Vulnerable:
Check the iOS/iPadOS version in Settings > General > About > Software Version. If the version is earlier than 18.7.2 on the 18.x branch, or earlier than 26.1 on the 26.x branch, the device is vulnerable.
Check Version:
Not applicable - check via the device Settings UI
Verify Fix Applied:
After updating, verify version shows iOS 18.7.2, iPadOS 18.7.2, iOS 26.1, or iPadOS 26.1 in Settings > General > About > Software Version.
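Checking one device through the Settings UI does not scale to a fleet. The following is an added example, not part of this advisory and not Apple's code: it applies the same rule (fixed at 18.7.2 or later on the 18.x branch, or at 26.1 or later) to a constructed MDM inventory export. The `device_id,platform,version` CSV layout is an assumption; adapt the column order to whatever your MDM actually exports. Malformed rows and non-affected platforms are reported separately rather than silently dropped, so a device with an unreadable version is not mistaken for a patched one.

```python
"""Inventory triage for CVE-2025-43495.

Added example, not part of the advisory and not Apple's code. It reads a
constructed MDM export in the form "device_id,platform,version" and flags
devices whose iOS/iPadOS version is below the fixed release the advisory
lists for that branch (18.7.2 on 18.x, 26.1 on 26.x). The CSV layout is an
assumption; adapt the column order to your MDM's export.
"""
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Fixed releases from the advisory: iOS/iPadOS 18.7.2 and 26.1.
FIXED_18: Version = (18, 7, 2)
FIXED_26: Version = (26, 1, 0)

# Platforms the advisory covers; other rows in the export are ignored.
AFFECTED_PLATFORMS = {"ios", "ipados"}


def parse_version(text: str) -> Version:
    """Turn '18.7' or '26.1.0' into a comparable (major, minor, patch) tuple."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return (nums[0], nums[1], nums[2])


def is_fixed(version: Version) -> bool:
    """Fixed if on the 18 branch at 18.7.2 or later, or at 26.1 or later."""
    if version[0] == 18:
        return version >= FIXED_18
    return version >= FIXED_26


def is_vulnerable(version_text: str) -> bool:
    """True when the reported version is below the fixed release for its branch."""
    return not is_fixed(parse_version(version_text))


def triage_inventory(lines: List[str]) -> Dict[str, List[str]]:
    """Bucket device ids into 'vulnerable', 'fixed', 'skipped' (platform not
    affected) and 'error' (malformed row), so bad rows surface in the report."""
    result: Dict[str, List[str]] = {
        "vulnerable": [], "fixed": [], "skipped": [], "error": []
    }
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or header comment
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            result["error"].append(line)
            continue
        device_id, platform, version_text = fields
        if platform.lower() not in AFFECTED_PLATFORMS:
            result["skipped"].append(device_id)
            continue
        try:
            bucket = "vulnerable" if is_vulnerable(version_text) else "fixed"
        except ValueError:
            result["error"].append(line)
            continue
        result[bucket].append(device_id)
    return result


# Constructed sample export (device ids and versions are made up).
SAMPLE_EXPORT = """\
# device_id,platform,version
ipad-0001,iPadOS,18.6.2
iphone-0002,iOS,18.7.2
iphone-0003,iOS,26.0
ipad-0004,iPadOS,26.1
mac-0005,macOS,15.6
iphone-0006,iOS,unknown
""".splitlines()

if __name__ == "__main__":
    report = triage_inventory(SAMPLE_EXPORT)
    for bucket, ids in report.items():
        print(f"{bucket:10s} {len(ids):3d}  {' '.join(ids)}")
```

Run it against a real export by replacing `SAMPLE_EXPORT` with the file's lines; the `error` bucket is the list to chase by hand, since those devices could not be classified either way.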
📡 Detection & Monitoring
Log Indicators:
- Unusual keyboard permission requests in system logs
- Apps accessing keyboard input without clear user-facing functionality
Network Indicators:
- Suspicious outbound data transmissions containing keystroke patterns or timing data
SIEM Query:
Not applicable - primarily local device detection through MDM or EDR solutions