iOS 18.4.1 — update your iPhone right now to apply emergency security fix

News
By last updated

You're also going to want to update your iPad, Mac and other Apple devices while you're at it too

iPhone 16 Pro shown held in hand
(Image credit: Tom's Guide)

If you’ve been holding off updating your iPhone (or your other Apple devices for that matter), now is the time to do so as a new series of emergency security updates have been released to fix two zero-day flaws.

As reported by BleepingComputer, these recently discovered vulnerabilities were quickly patched by the company after it became aware that they may have been exploited in an “extremely sophisticated attack”. In a security bulletin, Apple explains that this attack was against “specific targeted individuals” using one of the best iPhones.

The first zero-day (tracked as CVE-2025-31200) is a flaw in CoreAudio that was discovered by security researchers from both Apple and Google’s Threat Analysis Group. If exploited by hackers, it can be used to execute remote code on a vulnerable device by processing an audio stream in a maliciously crafted media file.

The second zero-day (tracked as CVE-2025-31201) is a flaw in Apple’s Remote Participant Audio Control (RPAC) framework that the company discovered on its own. Hackers with read and write access to a vulnerable device can exploit this vulnerability to bypass an iOS security feature called Pointer Authentication which helps protect against memory

Impacted Apple devices

Two people standing around a MacBook. The person on the right of the image is holding an iPhone in their left hand

(Image credit: Tom's Guide)

Just like it normally does, Apple hasn’t shared any additional details regarding how these zero-day flaws were exploited in this extremely sophisticated attack.

The reason the company does things this way is to give its users plenty of time to update their devices while also preventing hackers from reverse engineering these attacks so that they can recreate them.

What we do know though is that a ton of Apple devices are impacted by these two zero-days including:

  • iPhone (XS and later)
  • iPad Pro 13-inch, iPad Pro 13.9 inch (3rd gen and later)
  • iPad Pro 11-inch (1st gen and later)
  • iPad Air (3rd gen and later)
  • iPad (7th gen and later)
  • iPad mini (5th gen and alter)
  • Macs running macOS Sequoia
  • Apple TV HD
  • Apple TV 4K (all models)
  • Apple Vision Pro

When it comes to Apple zero-days, they can be highly valuable for hackers and other cybercriminals. As such, they’re often used in attacks against high-profile individuals like CEOs and politicians instead of ordinary people.

Still though, you’re going to want to update your Apple devices ASAP since attacks exploiting vulnerabilities like these tend to trickle down to ordinary users eventually.

How to keep your iPhone and Mac safe from hackers

A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.

(Image credit: robert coolen/Shutterstock)

Hackers love to go after people running outdated software as they’re easy targets. For this reason, you want to install the latest iPhone, Mac and other security updates from Apple as soon as they become available to minimize your risk of falling victim to an attack leveraging security flaws or vulnerabilities that have already been patched.

From here, you want to make sure that you and the rest of your household are practicing good cyber hygiene.

This means not clicking on links or downloading attachments from unknown senders as well as not responding to suspicious emails that come with a sense of urgency. All of the examples above are tell-tale signs of a phishing scam which could put your personal and financial data at risk and could potentially lead to you falling victim to identity theft.

While your Mac comes with Apple’s own XProtect security software pre-installed, you may also want to consider using the best Mac antivirus software alongside it for extra protection.

Although there isn’t an iPhone equivalent to the best Android antivirus apps due to Apple’s own restrictions around malware scanning, Intego’s Mac antivirus software can scan your iPhone or iPad for malware when connected to your computer via a USB cable.

Antivirus software can help prevent you from falling victim to a nasty malware infection or other cyberattacks in the first place. However, the best identity theft protection services can help you recover your identity and regain any funds lost to fraud following an attack.

With these two vulnerabilities, Apple has now patched a total of five zero-day flaws since the beginning of this year.

While this might sound scary at first, it’s actually a good thing as the company routinely updates its software to keep you and your Apple devices safe. However, it’s on you to install these updates to avoid falling victim to any cyberattacks that exploit these flaws.

More from Tom's Guide

See more Computing News
TOPICS
Anthony Spadafora
Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.