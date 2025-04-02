+ ↺ − 16 px

Apple has released iOS 18.4, introducing a range of new features for iPhones while also addressing a critical security concern.

But the iOS 18.4 update also comes with a warning to update now, because it fixes a hefty list of 62 security vulnerabilities, some of which are serious, News.Az reports, citing Forbes.

Apple doesn’t give much detail about what’s fixed in iOS 18.4, to give people as much time to update their iPhones as possible before attackers can get hold of the details. Among the fixes, the iOS 18.4 upgrade patches several critical bugs in WebKit, the engine that underpins the Safari browser — and the Kernel at the heart of the iPhone operating system.

Apple's iOS 18.4 update also comes with a warning to update now, because it fixes a hefty list of 60 security vulnerabilities, some of which are serious. Image: Apple iPhone

Apple’s iOS 18.4 patches an issue in the iPhone Kernel tracked as tracked as CVE-2025-30432, that could see a malicious app able to attempt passcode entries on a locked device and cause escalating time delays after four failures.

Tracked as CVE-2025-24208, a bug in WebKit could put you at risk from a cross site scripting— where an attacker injects malicious scripts into a trusted website — if you inadvertently load a malicious iframe, Apple warns on its support page.

The iOS 18.4 patches come less than a month after Apple’s emergency iPhone update 18.3.2, which fixed a flaw already being used in real-life attacks.

A significant number of the vulnerabilities fixed in iOS 18.4 were in WebKit. This shows that attackers continue to focus on exploiting the framework that downloads and presents web-based content, says Adam Boynton, senior security strategy manager EMEIA at Jamf.

Another key iOS 18.4 fix is in the Kernel, which is “crucial” because it manages all operating system operations and hardware interactions on your iPhone, says Boynton. He points out that the bug fixed in iOS 18.4 is worrying, because it “allows an attacker to attempt passcode entries despite the device being locked.”

The iOS 18.4 update also addresses vulnerabilities in Apple’s Core Media. This framework is commonly used to process media, supporting a broad set of apps and managing data queues in memory, says Boynton. “By targeting these vulnerabilities, attackers can corrupt process memory and access sensitive information,” he warns.

Thankfully, there appear to be no publicly exploited vulnerabilities fixed in iOS 18.4, says Sean Wright, head of application security at Featurespace. “While there are quite a few fixes, it is good to see them being addressed,” he says.

Some people might be alarmed by the number of security fixes being issued by Apple in recent times. However, Wright says this is a good thing. “Vulnerabilities are part of software, the important part is that they are addressed in a timely manner. I think Apple has done a respectable job,” he says.

Wright does point out that some of the vulnerabilities patched in iOS 18.4 could impact a user when chained together. However, he says, these would have to be used in “very targeted attacks.”

While Apple hasn’t mentioned any instances of these vulnerabilities being exploited in real attacks, the CVEs are now public, Boynton says. “Attackers will likely target devices that have yet to be updated, so downloading iOS 18.4 is essential for all users.”

Researcher issues warning about a new setting enabled by default in iOS 18.4

Shortly after the release of iOS 18.4, a security researcher noticed a new iPhone setting had been enabled by default.

“Apple’s iOS 18.4 introduced a new option in System Location Services called Improve Location Accuracy and it is enabled by default,” security researcher Tommy Mysk wrote on X, formerly Twitter.

You can find it under: Settings > Privacy & Security > Location Services > System Services.

“This option appears to enhance the Assisted GPS (aGPS) network by providing more precise GPS coordinates of nearby Wi-Fi networks and cell towers,” Mysk wrote. “Apple and Google devices rely on the aGPS database in areas where the GPS signal is weak.”

The iOS 18.4 feature isn’t on for all users, but it makes sense to check your iPhone to see if yours is.

Meanwhile, it is being reported that Apple Intelligence is enabled by default yet again in iOS 18.4. In both cases, once you’ve downloaded iOS 18.4, it’s a good idea to go to your settings and ensure these features are turned off, if you don’t want to use them.

To turn off Apple Intelligence now, go to Settings > Apple Intelligence and Siri and toggle off Apple Intelligence.

Bug fixes in iOS 18.4

The iOS 18.4 update also comes with some fixes for annoying iPhone bugs. According to the iOS 18.4 release notes, these include several issues with Apple Intelligence.

Another resolved issue is a problem where scrolling through Notifications might cause them to flicker or collapse momentarily. Meanwhile issues resolved in Apple’s voice assistant Siri include a problem where in non-English languages, some Siri suggestions might fail to complete successfully.

Apple Issues iPadOS 17.7.6, iOS 16.7.11 And iOS 15.8.4

Alongside iOS 18.4, Apple has issued iPadOS 17.7.6 for older devices the iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation. The update fixes a number of flaws, the most notable being an issue in CoreMedia that could allow a malicious application to elevate privileges, tracked as CVE-2025-24085. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,” the iPhone maker warns.

Meanwhile, iOS 16.7.11 for the iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation fixes two issues used in real life attacks.

Lastly, Apple has squashed the same bugs for very old devices in iOS 15.8.4.

Other Updates Released By Apple

Alongside iOS 18.4 and the updates for older iPhones and iPads, Apple released Safari 18.4 for macOS Ventura and macOS Sonoma, Xcode 16.3 for macOS Sequoia 15.2 and later, macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. It also issued tvOS 18.4 and visionOS 2.4 for its mixed reality headset.

Why You Should Update To iOS 18.4 Now

Apple’s iOS 18.4 fixes more than 60 issues — one of the biggest list of patches I’ve seen from the iPhone maker in recent times. “With such a high number of security fixes, we strongly recommend that users update their devices to iOS 18.4,” says Boynton.

Indeed, iOS 18.4 and the other upgrades issued alongside it include important security updates for your iPhone — some of which have been used in real-life attacks. “These vulnerabilities could potentially allow malicious code to run on affected devices, putting data at risk as well as the device itself at risk of a remote denial of service attack,” says Jake Moore, global cybersecurity advisor at ESET.

He recommends all users install the iOS 18.4 update “as soon as possible to ensure devices remain protected against these known threats.”

I agree. Apple’s iOS 18.4 includes a long list of patched flaws, so it’s a good idea to apply it now. Go to your Settings > General > Software Update and download and install iOS 18.4 now to keep your iPhone safe.

News.Az