Apple urges immediate iOS update to 18.4.1 due to serious vulnerabilities
- iOS 18.4.1 was released to address critical security vulnerabilities exploited in targeted attacks.
- The Cybersecurity and Infrastructure Security Agency has set a May 8 deadline for government agencies to apply the update.
- Users are strongly advised to update their devices promptly to enhance security and prevent exploitation.
In the United States, the recent release of iOS 18.4.1 has become urgent as both Apple and the U.S. government have emphasized the need for users to upgrade. The update was made available shortly after the previous version, iOS 18.4, which had been issued only two weeks prior. While iOS 18.4 had introduced new features and addressed significant security flaws, the nature of the vulnerabilities patched in 18.4.1 demanded swift action due to their exploitation in real-world attacks against specific individuals. The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. has classified two of the vulnerabilities fixed in this update as critically important. The flaws include a memory corruption vulnerability and an arbitrary read and write vulnerability, both of which enable attackers to execute malicious code on iPhones and other Apple devices. Specifically, the first issue, identified as CVE-2025-31200, relates to processing audio streams from potentially harmful sources, while the second, CVE-2025-31201, allows unauthorized access to parts of the device's memory by bypassing security measures. Due to the heightened risk associated with these vulnerabilities, the U.S. government has issued an advisement with a deadline of May 8 for all government agencies to update their devices to iOS 18.4.1. The recommendation aims to protect sensitive information and minimize the risk of exploitation, especially for individuals working in critical sectors such as government, journalism, and public service. Apple has stressed the urgency of applying the update promptly to keep devices secure against potential attacks. As reports suggest that the vulnerabilities could be leveraged by hackers to deploy spyware, which poses significant threats to the privacy and security of users, the stakes for timely updates are clear. With the effectiveness of attacks potentially targeting high-profile individuals, the agency's warning serves as a critical notice for users of all levels to prioritize their device security. Given the nature of these threats and the implied risk of increased exploitation as details of the vulnerabilities become known, users are urged to act quickly and update their systems without delay.