Apple released iOS 18.4.1, and in addition to CarPlay bug fixes, the update also patches two security vulnerabilities that Apple says were actively exploited in the wild. The security fixes are also included in macOS Sequoia 15.4.1, tvOS 18.4.1, and visionOS 2.4.1.
iOS 18.4.1 security fixes
Apple says it is is aware of reports that both of these security vulnerabilities “may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
Here are the details on the vulnerabilities:
CoreAudio:
- Impact: Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
- Description: A memory corruption issue was addressed with improved bounds checking.
- CVE-2025-31200: Apple and Google Threat Analysis Group
RPAC:
- Impact: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
- Description: This issue was addressed by removing the vulnerable code.
- CVE-2025-31201: Apple
With these important security fixes in mind, we recommend updating your Apple devices to their newest software versions as soon as possible. This includes iOS 18.4.1, iPadOS 18.4.1, tvOS 18.4.1, macOS 15.4.1, and visionOS 2.4.1. As of right now, Apple hasn’t released a new software update for Apple Watch.
My favorite iPhone accessories:
Follow Chance: Threads, Bluesky, Instagram, and Mastodon.
FTC: We use income earning auto affiliate links. More.
