iOS 18.4.1 Update Released to Combat Active Security Exploits
For iPhone users, Apple has released an urgent iOS 18.4.1 update that fixes two serious security flaws that were being actively used in targeted attacks. Only two weeks have passed since the release of iOS 18.4, and this unexpected interim upgrade comes before the scheduled May rollout of iOS 18.5.
This quick update’s main goal is to fix serious zero-day vulnerabilities that were found to be actively being exploited. It has been reported that “extremely sophisticated attacks” targeting “specific targeted individuals” were exploiting these vulnerabilities.
The two main security flaws that iOS 18.4.1 fixes are:
- The iPhone’s CoreAudio framework has a vulnerability (CVE-2025-31200), which was discovered by Google’s Threat Analysis Group and Apple. This flaw might parse a maliciously created media file and enable remote code execution. According to Apple, this vulnerability “may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. This may be a “Podcast of death,” highlighting how dangerous the issue is. It has a “high CVSS score of 7.5” for Core Audio.
- Apple themselves disclosed an RPAC (Return Pointer Authentication Code) vulnerability, tagged as CVE-2025-31201. Pointer authentication may be circumvented by an attacker with arbitrary read and write capabilities with this vulnerability. Furthermore, according to Apple, this vulnerability “may have been exploited in a ‘extremely sophisticated attack'”. Violating Pointer Authentication, a security feature intended to thwart memory disclosure attacks, may provide hackers access to private regions of the device’s memory, which might have dire repercussions. A CVE score of 6.8 is assigned to this RPAC vulnerability.
Due to their high level of risk, both of these vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities Catalogue. All iPhone owners are being strongly advised by security experts to apply this update right away. All customers should “immediately update their Apple devices.
The nature of these issues and the quick release of iOS 18.4.1 in between significant upgrades imply that malware was probably used in the targeted assaults. This notion is reinforced by Google’s Threat Analysis Group’s participation, which often finds similar flaws. Spyware may provide hackers complete access to a device, including encrypted conversations, audio, and video. Even while the first assaults seem to have been directed at specific people, such government officials and journalists, there is a chance that these vulnerabilities may be exploited more broadly if the specifics are made public.
iOS 18.4.1 fixes a “rare issue” that stopped wireless CarPlay from connecting in some cars in addition to these important security improvements. This problem did not impair wired CarPlay operation, which is essential to note. Although Apple admitted that this problem was uncommon, it did create “significant frustration for users who rely on navigation and media features while driving.”
iPhone XS and subsequent devices, including the iPhone Xs Max and iPhone XR, as well as the second and third-generation iPhone SE and iPhone 11 through iPhone 16 models, including the iPhone 16e, may all get the iOS 18.4.1 update.
How to Install the update
To install the update, users need to go to Settings > General > Software Update on their iPhone and choose “download and install”. According to reports, the update is around 570 MB in size and, depending on device performance and internet connectivity, should take less than 10 minutes to finish.
Additionally, Apple has addressed the discovered security holes in macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.4, and Safari 18.4 by releasing equivalent updates for additional devices. But according to Apple, iOS devices were particularly targeted in the real-life attacks. Interestingly, there is no iOS 17 upgrade available for earlier iPhone models, presumably because these particular issues do not impact that operating system. But for iOS 17 users who may upgrade to iOS 18, Apple is no longer offering security fixes.
Given the active exploitation of these zero-day vulnerabilities, all eligible iPhone owners should update to iOS 18.4.1 immediately to secure their devices. Although the assaults are targeted, fast action is needed to prevent broad exploitation.
