Apple released iOS 18.4.1 today – an update that's not just a minor bug fix, but closes two actively exploited security vulnerabilities. If you use an iPhone, you should install this update as soon as possible. According to Apple, attackers may have exploited these vulnerabilities to target users. This also applies to iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, and visionOS 2.4.1.
In its security documentation, Apple lists two security vulnerabilities that were closed with iOS 18.4.1 and the accompanying updates. The first affects CoreAudio, a central component for processing audio files. A specially crafted audio file could lead to arbitrary code being executed on your device. This is possible because memory corruption could previously have occurred during processing of this file. Apple resolved the issue through improved boundary checking. The second vulnerability was even more sensitive. It affects the Pointer Authentication Code (PAC) – a mechanism designed to prevent memory tampering. Attackers who already had read and write permissions on the device were able to bypass this protection. Apple has completely removed the affected code to prevent further abuse.
Actively exploited in targeted attacks
Particularly explosive: Apple itself believes that both vulnerabilities have already been actively exploited – in highly specialized, targeted attacks against individuals. Apple calls this an "extremely sophisticated attack." As usual, Apple isn't revealing who exactly was affected. But the warning clearly demonstrates the seriousness of the situation.
More bug fixes in iOS 18.4.1
In addition to the security vulnerabilities, iOS 18.4.1 also fixes a specific bug affecting users with wireless CarPlay. In certain vehicle models, the connection could malfunction. This issue should now be resolved. The update doesn't include any other new features or changes – the focus is clearly on security (via Apple's Safety documentation).
iOS 18.4.1 & Co.: Update immediately
If you haven't installed iOS 18.4.1 yet, you should do so. The closed vulnerabilities aren't theoretical—according to Apple, they've already been exploited in practice. Because attacks can be targeted and covert, it's important to keep your device up to date. Corresponding updates that address the same vulnerabilities are also available for Mac, Apple TV, iPad, and Vision Pro. The update is available now. You can find it as usual under Settings > General > Software Update. Time for fresh accessories? Visit our Amazon Storefront and discover a wide selection of products from leading manufacturers, including HomeKit! (Photo by Arthead / Bigstockphoto)
- iOS 18.5 Beta 2 released – What we know so far
- iPhone update search failed? How to solve the problem
- CVE database without funding – what is at stake now
