Apple is advising users to update their iOS devices following the discovery of two “extremely sophisticated attacks.”
The tech giant announced the latest iOS update on its website on April 16. If you’ve seen the Software Update notification on your phone, it mentions iOS 18.4.1.
Before delving into technical details, the iOS 18.4.1 update highlights: “This update introduces eight new emojis, a new Sketch Style option in Image Playground, recipes in Apple News+, and enhancements to better organize and filter your library in Photos.
“This release includes other features, bug fixes, and security updates for your iPhone.”
While new emojis and features are appealing, those concerned about “bug fixes and security updates” should know we’ve looked into the details for you.
On a webpage titled ‘About the security content of iOS 18.4.1 and iPadOS 18.4.1′, Apple states: “For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.”
Fortunately, the investigation is complete, and the issues have been pinpointed.
The report highlights two iPhone security vulnerabilities that the iOS 18.4.1 update aims to address more effectively.
What exactly are these issues?
Apple’s site identifies the two security flaws as related to its CoreAudio and RPAC components, specifically concerning memory corruption issues.
CoreAudio is “available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 13.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.”
Apple describes the attack on CoreAudio as “an extremely sophisticated attack against specific targeted individuals on iOS,” which could result in “code execution” when processing “a maliciously crafted media file.”
RPAC is “available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 13.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.”
Apple found that an attacker “with arbitrary read and write capability may be able to bypass Pointer Authentication.”
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS,” Apple reiterated.
Thankfully, both issues have been resolved in iOS 18.4.1. Apple notes that the “memory corruption issue” with CoreAudio was “addressed with improved bounds checking,” while the RPAC issue was “addressed by removing the vulnerable code.”