Apple issues iPhone alert: iOS 18.4.1 fixes serious security flaws
Apple has issued a critical update for iPhone users with the release of iOS 18.4.1, addressing two serious security vulnerabilities that are already being exploited in real-world attacks.
Apple doesn’t provide a lot of detail about what’s fixed in iOS 18.4.1, because the iPhone maker wants to give people as much time to update before more attackers can get hold of the details, News.Az reports, citing Forbes.
The first flaw fixed in iOS 18.4.1 is an issue in the iPhone’s CoreAudio tracked as CVE-2025-31200 and reported by Apple and the Google Threat Analysis Group. Processing an audio stream in a maliciously crafted media file may result in code execution, Apple warned on its support page.
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS,” the iPhone maker added.
The second bug patched in iOS 18.4.1 is a flaw in RPAC tracked as CVE-2025-31201 and reported by Apple. The vulnerability could allow an attacker with arbitrary read and write capability to bypass Pointer Authentication, Apple said, adding that the issue may also have been exploited in an “extremely sophisticated attack.”
The iOS 18.4.1 update comes just two weeks after the release of iOS 18.4, which itself patched 62 vulnerabilities, highlighting the importance of the latest upgrade.
Apple has released iOS 18.4.1, fixing two iPhone security flaws, both of which are being used in real-life attacks. Apple Iphone
The fact that iOS 18.4.1 was issued so rapidly and between updates and the nature of the vulnerabilities indicates that the “targeted attacks” Apple refers to could have involved spyware. The first flaw in Core Media was reported by Google’s Threat Analysis Group which often discovers flaws of this type.
Meanwhile, cybersecurity expert Paul Ducklin explicitly says the iOS 18.4.1 patches address vulnerabilities used to plant spyware. He calls the Core Audio flaw a “Podcast of death.”
“I exaggerate for effect, but update your iPhone anyway — double zero-day used in spyware attack. A rogue audio file could pwn Apple iOS. Also applies to the rest of the Apple ecosystem,” Ducklin writes in a post on X, formerly Twitter.
Spyware attacks are bad because they allow adversaries access to everything on your device, including video, audio and even encrypted apps such as WhatsApp and Signal. This is because once your phone is taken over with spyware, attackers can see everything on your screen.
The good news is, spyware is very targeted, so the flaws fixed in iOS 18.4.1 were probably used in a small number of attacks against a specific subset of iPhone users.
If you suspect you have been targeted with spyware, one way of temporarily disrupting it is to turn your device on and off again. But the malware is very difficult to get rid of and you are usually better to stop using your device altogether.
Apple’s iOS 18.4.1 is an emergency security update that comes in between major point upgrades, ahead of iOS 18.5’s arrival in May. There is no iOS 17 update for older iPhones, perhaps because the operating system is not affected by this flaw. However, Apple is no longer issuing security updates to iOS 17 users that are able to upgrade to iOS 18.
The flaws have been fixed in a smaller iPhone update — and there is an indication that they’re being actively exploited. This highlights the importance of this update, says independent security researcher Sean Wright. “As a result I would recommend people update as soon as possible,” he says, adding that there “is no need to panic in most cases.”
Ineed, despite the urgency of the iOS 18.4.1 upgrade, Apple said the flaws fixed in iOS 18.4.1 were used in targeted attacks. These are likely against journalists, dissidents, government officials and businesses in certain sectors. Yet if attackers get hold of the details, they can use the flaws more widely.
Apple’s iOS 18.4.1 also addresses several bugs, including one that prevents wireless CarPlay connection in certain vehicles.
The iOS 18.4.1 update is available for the iPhone XS and later, iPad Pro 13-inch, iPad Pro 13.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
News.Az
