Apple has urgently released iOS 18.4.1, a critical security update addressing two major vulnerabilities that are being actively exploited in cyberattacks.
The flaws affect the CoreAudio and Pointer Authentication systems, potentially allowing hackers to execute malicious code and access private data.
According to Apple, the CoreAudio vulnerability involves a highly sophisticated attack that targets specific individuals through malicious media files. If exploited, this flaw could allow unauthorized code execution.
The second issue involves the Return Pointer Authentication Code (RPAC), a security feature designed to prevent code manipulation. Attackers were able to bypass it and gain read-write access on devices, including iPhones, iPads, MacBooks, Apple TVs, and Vision Pro headsets.
Apple confirmed that these vulnerabilities have been used to target high-risk individuals like journalists and government officials. The update also resolves a rare issue affecting wireless CarPlay connections in certain vehicles.
To protect user devices, Apple has released the following updates:
iOS 18.4.1 and iPadOS 18.4.1: Address major security threats.
macOS Sequoia 15.4.1: Provides essential patches for Mac users.
tvOS 18.4.1 and visionOS 2.4.1: Secure Apple TV and Vision Pro devices.
How to Update Your iPhone or iPad:
Open Settings
Tap General
Select Software Update
Follow the prompts to install the update
Ensure your device is charged or connected to power and has a stable internet connection before updating.
