Apple releases iOS 18.7.7 and iPadOS 18.7.7 with fixes for important vulnerabilities! For iPhone XS, XR and other devices that do not support version 26 or later
Apple has released iOS 18.7.7 and iPadOS 18.7.7 for iPhone, iPad and other devices!
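On the 24th (local time), Apple announced that it has begun providing "iOS 18.7.7 (22H333)" and "iPadOS 18.7.7 (22H333)", the latest releases of the previous versions "iOS 18" and "iPadOS 18" of its "iOS" platform for iPhone and iPod touch and its "iPadOS" platform for iPad.
The target devices are those supported by iOS 18 and iPadOS 18. For iPhone, however, products that support the latest iOS 26 can no longer select the software update to iOS 18.7.7, so the update is for the iPhone XS, iPhone XS Max and iPhone XR, which are not supported by iOS 26. For iPad, it covers the iPad (7th generation), which is not supported by iPadOS 26, as well as the iPadOS 26-supported iPad (8th generation) and later, iPad mini (5th generation) and later, iPad Air (3rd generation) and later, 12.9-inch iPad Pro (3rd generation) and later, and 11-inch iPad Pro (1st generation) and later.
As already reported, the company has at the same time begun providing the latest "iOS 26.4" and "iPadOS 26.4" for iPhone, iPad and other devices, and has also started distributing "macOS Tahoe 26.4" for its "Mac" computers, "watchOS 26.4" for its "Apple Watch" smartwatch, "tvOS 26.4" for its "Apple TV" smart TV device, and "visionOS 26.4" for its "Apple Vision" smart headset.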

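Since iOS 15 and iPadOS 15, released in 2021, Apple has offered the option of staying on the existing version for a certain period without updating to the next major version. The official releases of the latest iOS 26 and iPadOS 26 began rolling out in September 2025, but Apple continues to provide software updates containing only security fixes for those who keep using iOS 18 or iPadOS 18 for the time being. iOS 18.7.7 and iPadOS 18.7.7, the newest versions of iOS 18.7 and iPadOS 18.7, have now been released.
On devices supported by iOS 18 and iPadOS 18, the update is performed from "Settings" → "About" → "Software Update". When updating on the device itself, the download size on my iPhone XS Max, coming from iOS 18.7.6, is 425.9MB. As before, the update can also be performed by connecting the device with a USB-Lightning cable to a Windows PC or Mac with iTunes installed. The update contents and security fixes published by Apple are listed below. Judging from Apple's past behavior, security fixes for iOS 18 and iPadOS 18 are expected to continue for some time.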
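iOS 18.7.7
This update includes important security fixes and is recommended for all users.
For information on the security content of Apple software updates, please visit the following website: https://support.apple.com/100100
iPadOS 18.7.7
This update includes important security fixes and is recommended for all users.
For information on the security content of Apple software updates, please visit the following website: https://support.apple.com/100100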
iOS 18.7.7 and iPadOS 18.7.7
Released March 24, 2026
- 802.1X
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An attacker in a privileged network position may be able to intercept network traffic
Description: An authentication issue was addressed with improved state management.
CVE-2026-28865: Heloise Gollier and Mathy Vanhoef (KU Leuven)
- AppleKeyStore
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to cause unexpected system termination
Description: A use after free issue was addressed with improved memory management.
CVE-2026-20637: Johnny Franks (zeroxjf), an anonymous researcher
- Audio
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A use-after-free issue was addressed with improved memory management.
CVE-2026-28879: Justin Cohen of Google
- Clipboard
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved validation of symlinks.
CVE-2026-28866: Cristian Dinca (icmd.tech)
- CoreMedia
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: Processing an audio stream in a maliciously crafted media file may terminate the process
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2026-20690: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative
- CoreUtils
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: A user in a privileged network position may be able to cause a denial-of-service
Description: A null pointer dereference was addressed with improved input validation.
CVE-2026-28886: Etienne Charron (Renault) and Victoria Martini (Renault)
- Crash Reporter
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to enumerate a user's installed apps
Description: A privacy issue was addressed by removing sensitive data.
CVE-2026-28878: Zhongcheng Li from IES Red Team
- curl
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An issue existed in curl which may result in unintentionally sending sensitive information via an incorrect connection
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-14524
- DeviceLink
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2026-28876: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs
- Focus
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2026-20668: Kirin (@Pwnrin)
- iCloud
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to enumerate a user's installed apps
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-28880: Zhongcheng Li from IES Red Team
- ImageIO
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-64505
- iTunes Store
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: A user with physical access to an iOS device may be able to bypass Activation Lock
Description: A path handling issue was addressed with improved validation.
CVE-2025-43534: iG0x72 and JJ of XiguaSec, Lehan Dilusha Jayasinghe
- Kernel
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to disclose kernel memory
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28868: 이동하 (Lee Dong Ha of BoB 0xB6)
- Kernel
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to leak sensitive kernel state
Description: This issue was addressed with improved authentication.
CVE-2026-28867: Jian Lee (@speedyfriend433)
- Kernel
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: A use after free issue was addressed with improved memory management.
CVE-2026-20687: Johnny Franks (@zeroxjf)
- mDNSResponder
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to leak sensitive kernel state
Description: This issue was addressed with improved authentication.
CVE-2026-28867: Jian Lee (@speedyfriend433)
- Security
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: A local attacker may gain access to user's Keychain items
Description: This issue was addressed with improved permissions checking.
CVE-2026-28864: Alex Radocea
- UIFoundation
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app may be able to cause a denial-of-service
Description: A stack overflow was addressed with improved input validation.
CVE-2026-28852: Caspian Tarafdar
- Vision
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: Parsing a maliciously crafted file may lead to an unexpected app termination
Description: The issue was addressed with improved memory handling.
CVE-2026-20657: Andrew Becker
- WebKit
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 304951
CVE-2026-20665: webb
- WebKit
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: Processing maliciously crafted web content may bypass Same Origin Policy
Description: A cross-origin issue in the Navigation API was addressed with improved input validation.
WebKit Bugzilla: 306050
CVE-2026-20643: Thomas Espach
- WebKit
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: A remote attacker may be able to view leaked DNS queries with Private Relay turned on
Description: A logic issue was addressed with improved state management.
WebKit Bugzilla: 295943
CVE-2025-43376: Mike Cardwell of grepular.com, Bob Lord
- WebKit
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: A malicious website may be able to access script message handlers intended for other origins
Description: A logic issue was addressed with improved state management.
WebKit Bugzilla: 307014
CVE-2026-28861: Hongze Wu and Shuaike Dong from Ant Group Infrastructure Security Team
- WebKit
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
Description: A logic issue was addressed with improved checks.
WebKit Bugzilla: 305859
CVE-2026-28871: @hamayanhamayan
Article by: memn0ck
