Apple Urges Users to Update iOS After Serious Security Vulnerabilities Found

Cupertino, California — Apple has released an urgent security update, iOS 18.4.1, due to two critical vulnerabilities that hackers have actively exploited. The company urges all users to update their devices immediately to safeguard against what it calls ‘extremely sophisticated cyber attacks.’

The vulnerabilities are linked to CoreAudio and Remote Procedure Authentication Control (RPAC), which are essential components of the iOS system. CoreAudio manages sound processing on iPhones, and attackers could use malicious audio files to execute code on victims’ devices. This type of attack could occur merely by playing a compromised audio file received via web links, emails, or apps.

Apple’s security advisory indicates that this issue has been mitigated through ‘improved bounds checking.’ Additionally, the flaw in RPAC allows attackers with limited access to bypass a security feature called Pointer Authentication, potentially leading to complete system control, data theft, or malware installation. Apple commented that it was tackling a threat severe enough that it could not be patched without immediate action.

Although Apple did not disclose specific details regarding active attacks, it confirmed they were ‘in the wild,’ meaning users were at risk in real-time situations. The vulnerabilities were likely aimed at high-value targets, such as journalists and executives, but the risk could extend to the broader public.

Users are encouraged to update to iOS 18.4.1 or iPadOS 18.4.1. To do this, go to: Settings > General > Software Update and tap ‘Install Now.’ Apple emphasizes that even if you do not consider yourself a high-risk individual, updating is essential to remain protected.

This incident highlights the increasing sophistication of cyberattacks targeting mobile devices. While iPhones are considered secure, zero-day vulnerabilities can pose significant risks. Apple’s quick response underscores the importance of proactive security measures, especially for users handling sensitive information.