Apple has published a critical update for iPhone users with the publication of iOS 18.4.1, addressing two serious security vulnerabilities which are already exploited in real world attacks.
The first defect fixed in iOS 18.4.1 is a problem in the iPhone co-core followed under the name of CVE-2025-31200 and reported by Apple and the Google Threat Analysis Group. The processing of an audio flow in a maliciously manufactured multimedia file can lead to the execution of the code, warned Apple on its assistance page.
“Apple is aware of a report that this problem may have been used in an extremely sophisticated attack against specific targeted individuals on iOS,” added the iPhone manufacturer.
The second bug corrected in iOS 18.4.1 is a defect in RPAC followed under the name of CVE-2025-31201 and reported by Apple. Vulnerability could allow an attacker with a capacity for reading and arbitrary writing to bypass the authentication of the pointer, said Apple, adding that the problem could also have been exploited in an “extremely sophisticated attack”.
The iOS 18.4.1 update comes only two weeks after the release of iOS 18.4, which itself corrected 62 vulnerabilities, stressing the importance of the last upgrade.
The fact that iOS 18.4.1 was issued so quickly and between updates and the nature of the vulnerabilities indicates that “targeted attacks” refer to Apple could have implied spy software. The first defect of the basic media was reported by the Google threat analysis group which often discovers defects of this type.
Meanwhile, cybersecurity expert Paul Ducklin explicitly says that iOS 18.4.1 patches tackle the vulnerabilities used to plant spy software. He calls the basic audio defect a “death podcast”.
“I exaggerate for the effect, but update your iPhone anyway – double day zero used in the attack on spy software. An audio file rogue could Pwn Apple iOS. Also applies to the rest of the Apple ecosystem”, writes Ducklin in an article on X, formerly Twitter.
News.az
