Apple has already stressed the importance of updating to iOS 18.4.1, the emergency iPhone update released just a few days ago. Now the U.S. government is also warning about the two vulnerabilities fixed in iOS 18.4.1, both of which are being exploited in real attacks.
The Cybersecurity and Infrastructure Security Agency (CISA), a government agency, has added both flaws fixed in iOS 18.4.1 to its Known Exploited Vulnerabilities (KEV) catalog. In simple terms, this is an index of issues known to be used in real attacks which could be a risk for government agencies, businesses and individuals.
CISA has also given government agencies a deadline of May 8 to update to iOS 18.4.1, to ensure the safety of iPhones and other Apple devices used in these settings.
The iOS 18.4.1 deadline applies specifically to government agencies, but the agency advises businesses to use it as a reference too, along with individuals who could be at risk of iPhone attacks.
The flaws fixed in the iOS 18.4.1 iPhone update
Apple's iOS 18.4.1 fixes two flaws that affect iPhones running iOS 18.4 or earlier. In case you are wondering, that is the version before iOS 18.4.1.
The first is CVE-2025-31200, a memory corruption vulnerability that affects several Apple products. If exploited in attacks, the flaw fixed in iOS 18.4.1 could allow an adversary to execute code on your device. “Apple iOS, iPadOS, macOS and other Apple products contain a memory corruption vulnerability which allows code execution when processing an audio flow in a maliciously manufactured multimedia file,” CISA said in its advisory.
The agency advises: “Apply attenuations per supplier instructions, follow the applicable DBO 22-01 advice for cloud services or interrupt the use of the product if the attenuations are not available.”
The second flaw fixed in iOS 18.4.1, CVE-2025-31201, is an arbitrary read and write vulnerability. “Apple iOS, iPadOS, macOS and other Apple products contain an arbitrary reading and writing vulnerability that allows an attacker to get around the authentication of the pointer,” CISA warned.
Pointer authentication is a security mechanism designed to withstand memory disclosure attacks, Adam Boynton, principal director of security strategy, EMEIA at Jamf, told me. “Bypassing it gives an attacker the possibility of launching attacks and access to parts of the device’s memory.”
Again, CISA advises organizations: “Apply attenuations per supplier instructions, follow the applicable DBO 22-01 advice for cloud services or interrupt the use of the product if the attenuations are not available.”
Update to iOS 18.4.1 to keep your iPhone secure
Apple says the flaws fixed in iOS 18.4.1 were used in targeted attacks on iOS devices. Some have speculated that this could have involved spyware, a type of malware that allows adversaries to see and hear everything you do on your device.
The issues fixed in iOS 18.4.1 were probably used to target journalists, government representatives, dissidents and businesses in certain sectors. However, once details of the flaws are available, as they are now that the iOS 18.4.1 fixes have arrived, more attackers could use them more widely.
As CISA says, the types of vulnerabilities included in its KEV are “frequent attack vectors for malicious cyber-actors and present significant risks for the federal enterprise”.
In addition to the FCEB agencies, CISA “strongly exhorts all organizations to reduce their exposure to cyberattacks by prioritizing the appropriate sanitation of the catalog vulnerabilities in the context of their vulnerability management practice”.
In other words, update to iOS 18.4.1 as soon as possible and before the deadline. Go to Settings > General > Software Update and upgrade your iPhone to iOS 18.4.1 now.
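For organizations tracking the deadline across a fleet, the following added example (not from the article or from CISA) checks a device inventory against the two KEV entries and reports which iPhones still run a version before iOS 18.4.1. The inventory, device names and the deadline's year are assumptions; the entries are a constructed sample that uses the `cveID` and `dueDate` field names of CISA's KEV JSON feed.

```python
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed (cveID, dueDate fields).
# CVE ids and the May 8 deadline come from the article; the year is assumed.
KEV_ENTRIES = [
    {"cveID": "CVE-2025-31200", "dueDate": "2025-05-08"},
    {"cveID": "CVE-2025-31201", "dueDate": "2025-05-08"},
]
# First fixed iOS release per CVE, as stated in the article.
FIXED_IN = {"CVE-2025-31200": "18.4.1", "CVE-2025-31201": "18.4.1"}

# Constructed MDM inventory export; device names are hypothetical.
INVENTORY = [
    {"device": "iphone-001", "os_version": "18.4.1"},
    {"device": "iphone-002", "os_version": "18.4"},
    {"device": "iphone-003", "os_version": "17.7.2"},
    {"device": "iphone-004", "os_version": "18.10"},  # constructed: numeric compare
    {"device": "iphone-005", "os_version": None},     # agent never reported
]

def parse_version(text):
    """'18.4' -> (18, 4, 0): sorts below 18.4.1, and 18.10 sorts above it."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def kev_findings(inventory, kev_entries, fixed_in, today):
    """Return one finding per device that is unpatched or of unknown version."""
    findings = []
    for dev in inventory:
        try:
            current = parse_version(dev["os_version"])
        except (AttributeError, ValueError):
            # Unknown version is treated as a finding, never as compliant.
            findings.append({"device": dev["device"], "status": "unknown"})
            continue
        open_entries = [e for e in kev_entries
                        if current < parse_version(fixed_in[e["cveID"]])]
        if not open_entries:
            continue
        due = min(date.fromisoformat(e["dueDate"]) for e in open_entries)
        findings.append({
            "device": dev["device"],
            "status": "overdue" if today > due else "due",
            "days_left": (due - today).days,
            "cves": sorted(e["cveID"] for e in open_entries),
        })
    return findings

if __name__ == "__main__":
    for finding in kev_findings(INVENTORY, KEV_ENTRIES, FIXED_IN, date(2025, 5, 1)):
        print(finding)
```

Comparing versions as integer tuples matters here: a plain string comparison would rank "18.10" below "18.4.1" and wrongly flag a newer device.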