Apple has rolled out iOS 18.4.1, which not only addresses CarPlay bugs but also resolves two critical security vulnerabilities that have reportedly been exploited in the wild. These security enhancements are also available in macOS Sequoia 15.4.1, tvOS 18.4.1, and visionOS 2.4.1.
Security Updates in iOS 18.4.1
Apple acknowledges awareness of allegations that these security vulnerabilities “may have been exploited in a highly sophisticated attack aimed at certain targeted individuals.”
Details about the vulnerabilities are as follows:
CoreAudio:
- Impact: Processing a maliciously crafted media file’s audio stream could lead to code execution. Apple has received reports indicating that this vulnerability may have been exploited in a highly sophisticated attack targeting specific individuals on iOS.
- Description: The issue, a memory corruption problem, was resolved with enhanced bounds checking.
- CVE-2025-31200: Apple and Google Threat Analysis Group
RPAC:
- Impact: An attacker with the ability to read and write arbitrary data could potentially bypass Pointer Authentication. Apple is aware of reports that this issue may have been leveraged in a highly sophisticated attack against certain targeted individuals on iOS.
- Description: The vulnerability was mitigated by eliminating the insecure code.
- CVE-2025-31201: Apple
Given the significance of these security updates, we strongly advise updating your Apple devices to the latest software versions without delay. This includes iOS 18.4.1, iPadOS 18.4.1, tvOS 18.4.1, macOS 15.4.1, and visionOS 2.4.1. Currently, Apple has not issued a new software update for the Apple Watch.
My Top iPhone Accessories:
Connect with Chance: Threads, Bluesky, Instagram, and Mastodon.
