iOS 18.4.1 — update your iPhone right now to apply emergency security fix

If you’ve been putting off updating your iPhone (or any other Apple device), now’s the time to do so, as a new round of emergency security updates has been released to address two new security vulnerabilities.

According to BleepingComputer, the company quickly patched these newly discovered vulnerabilities after realizing they may have been exploited in a “highly sophisticated attack.” In a security bulletin, Apple explained that this attack targeted “specific individuals” using one of the best iPhones.

The first vulnerability (reported as CVE-2025-31200) is a CoreAudio vulnerability discovered by security researchers from Apple and Google’s Threat Analysis Group. If exploited by attackers, it could be used to remotely execute code on a vulnerable device by manipulating an audio stream in a maliciously crafted media file.

The second vulnerability (identified as CVE-2025-31201) is a vulnerability in Apple’s Remote Access Control (RPAC) system, discovered by the company itself. Attackers with read and write access to a vulnerable device could exploit this vulnerability to bypass an iOS security feature called Point Authentication, which protects memory.

Impacted Apple devices

As usual, Apple has not disclosed further details on how these vulnerabilities were exploited in this highly sophisticated attack.

The company is doing this to give its users enough time to update their devices, while preventing hackers from reorganizing and recreating these attacks. What we do know is that many Apple devices are affected by these two zero-day vulnerabilities, including:

iPhone (XS and later)
iPad Pro 13-inch, iPad Pro 13.9-inch (3rd generation and later)
iPad Pro 11-inch (1st generation and later)
iPad Air (3rd generation and later)
iPad (7th generation and later)
iPad mini (5th generation and later)
Mac running macOS Sequoia
Apple TV HD
Apple TV 4K (all models)
Apple Vision Pro

As for Apple’s zero-day vulnerabilities, they could be extremely valuable to hackers and other cybercriminals. This is why they are often used in attacks against high-profile figures, such as CEOs and politicians, rather than ordinary people.

However, it’s recommended that you update your Apple devices as soon as possible, as attacks exploiting vulnerabilities like these often end up affecting regular users.

How to keep your iPhone and Mac safe from hackers

Hackers like to target people using outdated software; they’re easy targets. For this reason, it’s recommended that you install the latest security updates for iPhones, Macs, and other Apple devices as soon as they become available to reduce the risk of falling victim to an attack exploiting vulnerabilities or previously patched vulnerabilities.

You should therefore ensure that you and your family members adhere to good computer hygiene.

This means not clicking on links or downloading attachments from unknown senders, and not responding to suspicious emails that arrive in a hurry. All of the above examples indicate a phishing scam that could compromise your personal and financial data and make you a victim of identity theft.

Although your Mac comes preinstalled with Apple’s XProtect security software, you may also want to use the best Mac antivirus for additional protection.

While no iPhone antivirus software can match the best Android antivirus apps due to Apple’s malware scanning limitations, Intego’s Mac antivirus software can scan your iPhone or iPad for malware when it’s connected to your computer via USB.

Antivirus software can help protect you from malware or other cyberattacks. However, the best identity theft protection services can help you recover your identity and any money lost to fraud after an attack.

With these two vulnerabilities, Apple has now patched a total of five vulnerabilities since the beginning of this year.

This may seem scary at first, but it’s actually a good thing. The company regularly updates its software to keep you and your Apple devices secure. However, it’s your responsibility to install these updates to avoid falling victim to cyberattacks that exploit these vulnerabilities.