CVE-2025-30436: An attacker may be able to use Siri to enable Auto-Answer Calls in Apple iOS and iPadOS
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls.
AI Analysis
Technical Summary
CVE-2025-30436 is a critical security vulnerability affecting Apple iOS and iPadOS devices prior to version 18.4. The flaw allows an unauthenticated attacker to leverage Siri voice assistant functionality on a locked device to enable the Auto-Answer Calls feature. Auto-Answer Calls automatically answers incoming calls, which can be exploited to eavesdrop on conversations or intercept sensitive communications without the device owner's knowledge or consent. The vulnerability arises because Siri, when invoked on a locked device, previously permitted enabling Auto-Answer Calls without requiring authentication or user interaction, violating access control principles (CWE-284). This issue was addressed by Apple in iOS/iPadOS 18.4 by restricting the options Siri can offer when the device is locked, effectively preventing unauthorized activation of Auto-Answer Calls. The vulnerability has a CVSS v3.1 base score of 9.1, indicating critical severity due to network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), no integrity impact (I:N), and high availability impact (A:H). Although no known exploits have been reported in the wild, the ease of exploitation and potential for covert surveillance make this a significant threat. The vulnerability affects all versions of iOS and iPadOS prior to 18.4, which are widely deployed globally on iPhones and iPads. The issue was reserved in March 2025 and published in May 2025, with Apple providing a fix in the 18.4 release cycle.
Potential Impact
The primary impact of CVE-2025-30436 is a severe breach of confidentiality and availability. By enabling Auto-Answer Calls remotely via Siri on a locked device, attackers can covertly listen to conversations, potentially capturing sensitive personal, corporate, or governmental information. This undermines user privacy and can facilitate espionage, corporate spying, or unauthorized surveillance. The availability impact arises because Auto-Answer Calls can disrupt normal device operation and user control over incoming calls. Organizations relying on Apple mobile devices for secure communications, including government agencies, enterprises, and individuals handling sensitive data, face heightened risk. The vulnerability's exploitation requires no privileges or user interaction, making it highly accessible to remote attackers within voice command range or via remote voice injection techniques. The widespread use of Apple devices globally increases the scope and scale of potential impact. Failure to patch promptly could result in data leaks, reputational damage, regulatory penalties, and loss of trust.
Mitigation Recommendations
To mitigate CVE-2025-30436, organizations and users should immediately update all affected Apple devices to iOS and iPadOS version 18.4 or later, where the vulnerability is fixed by restricting Siri options on locked devices. Until updates can be applied, it is advisable to disable Siri access from the lock screen via device settings to prevent unauthorized voice commands. Additionally, disabling the Auto-Answer Calls feature manually can reduce risk exposure. Organizations should enforce mobile device management (MDM) policies to ensure timely patch deployment and restrict Siri usage on corporate devices. Monitoring for unusual call activity and educating users about the risks of voice assistant features on locked devices can further reduce exploitation likelihood. Network-level protections such as voice command filtering or limiting physical access to devices can also help. Regular security audits and incident response readiness are recommended to detect and respond to potential exploitation attempts.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Japan, Australia, South Korea, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: apple
- Date Reserved: 2025-03-22T00:04:43.717Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0fb1484d88663aec90a
Added to database: 5/20/2025, 6:59:07 PM
Last enriched: 4/3/2026, 1:06:57 AM
Last updated: 5/8/2026, 8:53:31 PM