Apple has released iOS 18.4.1 and iPadOS 18.4.1, critical security updates for iPhones and iPads, to address actively exploited vulnerabilities. The updates are recommended for all users of affected devices.
Affected Devices:
- iPhone XS and later
- iPad Pro (13-inch)
- iPad Pro (12.9-inch, 3rd generation and later)
- iPad Pro (11-inch, 1st generation and later)
- iPad Air (3rd generation and later)
- iPad (7th generation and later)
- iPad mini (5th generation and later)
CVE’S CVE-2025-31200 & CVE-2025-31201
- CVE-2025-31200: CoreAudio | Apple and Google Threat Analysis Group
Impact: Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Description: A memory corruption issue was addressed with improved bounds checking.
- CVE-2025-31201: Apple | RPAC
Impact: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Description: This issue was addressed by removing the vulnerable code.
Vulnerabilities Addressed:
CoreAudio: Processing a maliciously crafted audio stream could lead to arbitrary code execution. Apple is aware of reports that this vulnerability may have been exploited in highly targeted attacks.
RPAC: An attacker with arbitrary read and write capabilities may be able to bypass Pointer Authentication.
Immediate Action Recommended:
Apple strongly advises users to update their devices to iOS 18.4.1 or iPadOS 18.4.1 immediately to protect themselves from these potential threats. These updates contain important security fixes and are essential for maintaining the security of your Apple devices.
Users can typically update their devices by going to Settings > General > Software Update.
