Apple has issued an urgent update for iPhone users following the discovery of two significant security vulnerabilities. The update, iOS 18.4.1, addresses flaws that have been exploited in sophisticated attacks targeting specific individuals. Released on Wednesday (April 16), this update is crucial for users with iPhone XS and later models, as well as certain iPads.
The first vulnerability, identified as CVE-2025-31200, involves a memory corruption issue in the CoreAudio system, which could allow malicious code execution through specially crafted media files. The second flaw, CVE-2025-31201, affects the RPAC system, potentially allowing attackers to bypass Pointer Authentication and gain unauthorized access to devices.
According to Apple's support page, these vulnerabilities have been used in targeted attacks against individuals such as journalists, dissidents, and government officials. The company has not disclosed full details to prevent further exploitation before users can update their devices.
Independent security researcher Sean Wright emphasized the importance of the update, telling Forbes that while the attacks are targeted, widespread exploitation could occur if attackers obtain detailed information about the vulnerabilities. Wright advised users to update their devices promptly but mentioned that there is generally no need for panic.
The iOS 18.4.1 update follows the recent iOS 18.4 release, which addressed 62 vulnerabilities, underscoring the ongoing need for vigilance in device security. Users can download the update by navigating to Settings > General > Software Update on their devices.