Hakim Boukhadra

**Name of the Vulnerable Software and Affected Versions** iPadOS versions prior to 17.7.4 iOS versions prior to 18.3 iPadOS versions prior to 18.3 **Description** The issue is related to the handling of symlinks, which could allow an attacker to modify protected system files by restoring a maliciously crafted backup file. This may lead to arbitrary file reads outside the sandbox. While a mitigation was added in iOS 18.3, it does not fully fix the issue. **Recommendations** For iPadOS versions prior to 17.7.4, update to iPadOS 17.7.4 or later. For iOS versions prior to 18.3, update to iOS 18.3 or later. For iPadOS versions prior to 18.3, update to iPadOS 18.3 or later. As a temporary workaround, consider restricting access to backup files to minimize the risk of exploitation.