MILLIONS OF IPHONE USERS WARNED TO UPDATE THEIR PHONE IMMEDIATELY OVER EXTREMELY DANGEROUS ATTACK
On April 16, Apple posted the most recent iOS update on its website. If you've already noticed that your phone has a software update available, you've probably seen a brief explanation of iOS 18.4.1. "This update introduces eight new emojis, a new Sketch Style option in Image Playground, recipes in Apple News+, and refinements to help organise and filter your library in Photos," the iOS 18.4.1 update says, easing the blow a little before getting down to business.
"Your iPhone has security updates, bug fixes, and additional features with this release. Granted, emojis and new Sketch Style options are great and all that, but if you're a bit more concerned about the 'bug fixes and security updates', then don't fret because we did some deep-diving for you.
What's included in Apple's iOS 18.4.1 update
"For the protection of our customers, Apple does not reveal, discuss, or confirm security issues until an investigation has taken place and patches or releases are ready," the company states on the 'About the security content of iOS 18.4.1 and iPadOS 18.4.1' page of its website. The Apple security releases page lists the most recent releases.
Thankfully, the investigation has occurred, and problems have been identified.
Apple's report continues identifying two iPhone security flaws which the iOS 18.4.1 update will better protect users against.
What the two iPhone security flaws are that Apple's iOS 18.4.1 update is fixing.
According to Apple's website, the two security weaknesses are related to memory corruption issues with the CoreAudio and RPAC components. The following devices are compatible with CoreAudio: iPhone XS and later, iPad Pro 13-inch, iPad Pro 13.9-inch, iPad Pro 11-inch, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later. According to Apple, the CoreAudio assault is "an extraordinarily sophisticated attack against specific targeted persons on iOS" that may result in "code execution" if an audio stream is processed in a "maliciously designed media file."
RPAC is available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 13.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later. An attacker "with arbitrary read and write capability may be able to defeat Pointer Authentication," according to Apple's disclosure. Apple reaffirmed, "Apple is aware of a report that this problem may have been exploited in an exceptionally sophisticated assault against specific targeted persons on iOS."
How Apple's iOS 18.4.1 has resolved the security issues
Thankfully, iOS 18.4.1 has resolved both issues, Apple noting the 'memory corruption issue' with CoreAudio was 'addressed with improved bounds checking' and the RPAC issue was 'addressed by removing the vulnerable code'.
