Update Now: iOS 18.4.1 and macOS Sequoia 15.4.1 Address Actively Exploited Vulnerabilities
The iOS 18.4.1, iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, and visionOS 2.4.1 updates that Apple released today include fixes for two major vulnerabilities, which means you should install the new software as soon as you can.
According to Apple, it is aware of reports that these vulnerabilities may have been actively exploited in the wild. Apple says that the security flaws were potentially used in an "extremely sophisticated attack against specific targeted individuals."
One of the issues impacts CoreAudio, and involves a maliciously crafted audio file. Processing the audio stream in the media file could result in code execution. Apple fixed the memory corruption issue with improved bounds checking.
The other vulnerability affected pointer authentication code, and an attacker with arbitrary read and write capability could bypass the Pointer Authentication features that prevent memory from being tampered with. Apple removed the vulnerable code to prevent the exploit from working.
All of the updates are available today, and focus primarily on the security fixes. iOS 18.4.1 also addresses an issue that could prevent some wireless CarPlay setups from working properly in select vehicles.
Popular Stories
Apple today released a new Pride Edition Sport Loop for the Apple Watch. The band features a rainbow design with 11 colors of woven nylon yarns.
The new Pride Edition Sport Loop is available to order now on Apple.com and in the Apple Store app in 40mm, 42mm, and 46mm sizes, and it will be available at Apple Store locations starting later this week. In the U.S., the band costs $49.
There...
iOS 26.5 includes three new features for iPhones, according to Apple's release notes for the update, which is expected to be released next week.
As discovered during beta testing, iOS 26.5 enables end-to-end encryption for RCS messaging between iOS and Android devices. Apple says this security upgrade is limited to supported carriers around the world and will continue to roll out....
Instagram will remove end-to-end encryption for direct messages between users from May 8, 2026. When the date comes around, Meta will potentially be able to see the contents of all messages between users on the social media platform.
Encrypting messages has been an optional feature in Instagram since 2023, but in March of this year the social media platform quietly updated a help page to say ...
