Apple has released a new software update for all iPhone owners that fixes two security vulnerabilities. If you have an iPhone in your pocket you can head to the Settings app today and check for a software update, which should be waiting for you if you have an iPhone released in 2018 or later.
That means if you have an iPhone XR or XS or newer, your phone can get the new update, iOS 18.4.1. While iOS 18 is the name of the current version of iPhone software, Apple updates it frequently when the firm comes across security bugs that could leave its customers at risk.
iOS 18.4.1 fixes two flaws that Apple said could have been exploited in “extremely sophisticated” attacks. One bug targeted the iPhone’s Core Audio framework, which allows audio devices to connect to iPhones, and the other is related to RPAC, part of Apple’s security against memory corruption on iPhones.
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS,” Apple said of both bugs in its notes on iOS 18.4.1.
Even though you are unlikely to be targeted successfully in such attacks, the bugs make it possible for criminals to access your device and personal data. So, just like with every security update Apple pushes out for iOS, it’s best to update to this latest version.
“With the security fixes in iOS 18.4.1 addressing two zero-day vulnerabilities, it is essential that all users immediately update their Apple devices,” said Adam Boynton, Senior Security Strategy Manager EMEIA at security firm Jamf.
“Notably, in this release, Apple addressed an actively exploited CoreMedia flaw that could have allowed malicious code execution through the processing of a media file. Apple has mitigated this vulnerability by implementing improved bounds checking.”
This latest update comes after iOS 18.4 was released on March 31, and amongst other things introduced some new emojis for iPhone users, including a face with bags under the eyes. Tell us about it, Apple.
“The iOS update also resolves a bug in RRAC that allows an attacker to bypass Pointer Authentication,” Jamf’s Boynter said. “Pointer Authentication is a security mechanism designed to resist memory disclosure attacks—bypassing it gives an attacker the opportunity to launch attacks and access to parts of the device’s memory.
“The fact that these two vulnerabilities are extremely sophisticated to exploit explains why Apple has only observed attacks against specific, targeted individuals. However, the limited scope of these attacks should not deter users from updating their devices promptly.”
