Apple has issued an urgent alert urging iPhone users to immediately install iOS 18.4.1, warning that newly discovered security vulnerabilities may have already been exploited in highly sophisticated cyberattacks.

Alongside iOS 18.4.1, Apple also released updates for iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, and visionOS 2.4.1. While these are technically minor updates, Apple emphasizes their importance, noting that they should not be ignored.

According to Apple, the company has received reports that these vulnerabilities may have been actively exploited in real-world attacks. The flaws were reportedly used in targeted campaigns aimed at specific individuals.

Once installed, the update protects iPhones and iPads from a vulnerability in the audio stream handling system - a bug that could allow attackers to execute arbitrary code. In other words, a compromised device could be forced to run malicious code created by hackers.

This particular flaw stems from a memory corruption issue, which Apple has addressed using a technique known as bounds checking. This prevents data from being written outside of intended memory locations, helping to block potential exploits.

Two major vulnerabilities identified

One of the security flaws, identified as CVE-2025-31200, was discovered and reported by both Google and Apple. It affects devices including:
iPhone XS and later;
iPad Pro 13-inch;
iPad Pro 12.9-inch (3rd generation and later);
iPad Pro 11-inch (all generations);
iPad Air (3rd generation and later);
iPad (7th generation and later);
iPad mini (5th generation and later).

The second vulnerability, CVE-2025-31201, was discovered by Apple itself and relates to insecure source code. It allows attackers to bypass Pointer Authentication - a key security feature of Apple’s A-series and M-series chips - gaining unauthorized read/write access.

Pointer Authentication is designed to prevent memory corruption attacks, which could otherwise allow malicious code execution with serious consequences.

Apple confirmed that this vulnerability was used in real-world attacks targeting select individuals. To resolve the issue, the company has removed the vulnerable code segment, strengthening security in both iOS and iPadOS.

How to update to iOS 18.4.1 or iPadOS 18.4.1

To update, go to Settings > General > Software Update and follow the on-screen instructions.

The update takes only a few minutes to install but can prevent hackers from accessing sensitive financial apps or even wiping your bank accounts. This is a vital security update - users are strongly advised to install it immediately.

All the updates are now available and primarily focus on patching security vulnerabilities. Additionally, iOS 18.4.1 resolves an issue that caused wireless CarPlay to malfunction on certain car models.

Hai Phong (PhoneArena, MacRumors)