Critical Vulnerability Information Key Summary: Release Date: iOS 26.1 and iPadOS 26.1 were released on November 3, 2025. Affected Devices: - iPhone 11 and later models - Multiple models of iPad Pro, iPad, iPad Air, and iPad mini Fixed Vulnerabilities: - Accessibility: CVE-2025-43442, fixed permission issue. - Apple Account: CVE-2025-43455, fixed privacy issue. - Apple Neural Engine: CVE-2025-43462 and CVE-2025-43447, fixed memory issues. - Apple TV Remote: CVE-2025-43449, fixed caching handling issue. - AppleMobileFileIntegrity: CVE-2025-43379, fixed validation issue. - Assets: CVE-2025-43407, fixed out-of-bounds access issue. - Audio: CVE-2025-43423, fixed logging issue. - Camera: CVE-2025-43450, fixed logic issue. - CloudKit: CVE-2025-43448, fixed symbolic link validation issue. - Contacts: CVE-2025-43426, fixed logging issue. - Control Center: CVE-2025-43350, fixed permission issue. - CoreServices: CVE-2025-43436, fixed permission issue. - CoreText: CVE-2025-43445, fixed input validation issue. - FileProvider: CVE-2025-43498, fixed state management issue. - Find My: CVE-2025-43507, fixed privacy issue. - Installer: CVE-2025-43444, fixed permission issue. - Kernel: CVE-2025-43598, fixed memory handling issue. - libxpc: CVE-2025-43343, fixed sandbox restriction issue. - Mail Drafts: CVE-2025-43496, fixed logic issue. - MallocStackLogging: CVE-2025-43294, fixed validation issue. - Model I/O: CVE-2025-43381, CVE-2025-43385, CVE-2025-43384, and CVE-2025-43383, fixed out-of-bounds access issues. - Multi-Touch: CVE-2025-43424, fixed boundary checking issue. - Notes: CVE-2025-43389, fixed code removal issue. - On-device Intelligence: CVE-2025-43439, fixed privacy issue. - Photos: CVE-2025-43391, fixed privacy issue. - Safari: CVE-2025-43493, CVE-2025-43502, CVE-2025-43503, and CVE-2025-43501, fixed user interface and privacy issues. - Sandbox Profiles: CVE-2025-43500, fixed preference handling issue. - Siri: CVE-2025-43454, fixed state management issue. - Status Bar: CVE-2025-43460, fixed logic issue. - Stolen Device Protection: CVE-2025-43422, fixed logic issue. - Text Input: CVE-2025-43452, fixed option restriction issue. - WebKit: Multiple CVEs, fixed various memory, state management, and logic issues. Additional Information Acknowledgments: The document acknowledges contributions from multiple researchers and teams. Release Date: November 3, 2025.