Update Now: iOS 18.4.1 and macOS Sequoia 15.4.1 Address Actively Exploited Vulnerabilities

[MacRumors]

The iOS 18.4.1, iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, and visionOS 2.4.1 updates that Apple released today include fixes for two major vulnerabilities, which means you should install the new software as soon as you can.

According to Apple, it is aware of reports that these vulnerabilities may have been actively exploited in the wild. Apple says that the security flaws were potentially used in an "extremely sophisticated attack against specific targeted individuals."

One of the issues impacts CoreAudio, and involves a maliciously crafted audio file. Processing the audio stream in the media file could result in code execution. Apple fixed the memory corruption issue with improved bounds checking.

The other vulnerability affected pointer authentication code, and an attacker with arbitrary read and write capability could bypass the Pointer Authentication features that prevent memory from being tampered with. Apple removed the vulnerable code to prevent the exploit from working.

All of the updates are available today, and focus primarily on the security fixes. iOS 18.4.1 also addresses an issue that could prevent some wireless CarPlay setups from working properly in select vehicles.

Article Link: Update Now: iOS 18.4.1 and macOS Sequoia 15.4.1 Address Actively Exploited Vulnerabilities

 

[PhillyGuy72]

Thanks. It is showing up now.

*For iPhone 13 Pro Max

 

[TigerNike23]

Not available as an IPSW yet. I’d love to update my folks’ phones but they don’t have enough space to do OTA updates.

 

[The Cockney Rebel]

Does this address the Apple Watch fully charged notification issue?

 

[t0rqx]

Instead of 'this affected only a small amount/handful of users' they changed their text to sophisticated attacks against specific individuals. Classic Apple Marketing.

 

[Havoc035]

Instead of 'this affected only a small amount/handful of users' they changed their text to sophisticated attacks against specific individuals. Classic Apple Marketing.

Sure, but this description is also arguably better for describing state sponsored targeted attacks.

 

[jz0309]

Obliged.
I like security and bug fixes

 

[rictus007]

I hope some day this type of updates are released as a “rapid security response”

 

[VictoryHighway]

I hope some day this type of updates are released as a “rapid security response”

Yeah. Whatever happened to those?

 

[imagineadam]

Has anyone actually ever been hacked? Still rolling on 16.7.2 on my 14 pro…. You don’t ever see any horror stories of people having their iPhone hacked because they didn’t update. At least I haven’t.

 

[IAmStumped]

Has anyone actually ever been hacked? Still rolling on 16.7.2 on my 14 pro…. You don’t ever see any horror stories of people having their iPhone hacked because they didn’t update. At least I haven’t.

How are they going to let anyone know? Their phone was hacked!

 

[lkrupp]

Has anyone actually ever been hacked? Still rolling on 16.7.2 on my 14 pro…. You don’t ever see any horror stories of people having their iPhone hacked because they didn’t update. At least I haven’t.

Lots of people claim their iPhone was hacked but it always turns out to be adware or credentials issues, not an actual hack.

 

[russell_314]

Has anyone actually ever been hacked? Still rolling on 16.7.2 on my 14 pro…. You don’t ever see any horror stories of people having their iPhone hacked because they didn’t update. At least I haven’t.

It’s not so much “hacked” as in taking advantage of unpatched exploits. I doubt most people are important enough for a targeted attack but there’s always a possibility you could be hit with some attack targeted at tens of thousands of people hoping to catch one that didn’t update.

 

[JohnC1959]

Has anyone actually ever been hacked? Still rolling on 16.7.2 on my 14 pro…. You don’t ever see any horror stories of people having their iPhone hacked because they didn’t update. At least I haven’t.

Only a tiny number get affected but those that do certainly care. Too few for most of us to know someone but still matters to those that are attacked. And of course a big part of why so few ever notice is that the flaw gets fixed, most update and so those that would use the flaw start looking for other flaws and don't exploit the old one as much. It's a bit like getting vaccinated -- if most get one then those that don't get some protection thanks to the group.

 

[JohnC1959]

It’s not so much “hacked” as in taking advantage of unpatched exploits. I doubt most people are important enough for a targeted attack but there’s always a possibility you could be hit with some attack targeted at tens of thousands of people hoping to catch one that didn’t update.

I just know some hacker wants photos of my dogs! He can't have them!

 

[hoodafoo]

so are Big Sir and Sonoma users chopped liver now or something? where's our update??

 

[Steve01234]

Has anyone actually ever been hacked? Still rolling on 16.7.2 on my 14 pro…. You don’t ever see any horror stories of people having their iPhone hacked because they didn’t update. At least I haven’t.

Hope you aren't journalist in a place adverse to that career, in high level government position handling classified or higher material, work in an embassy, etc. there are a few websites that DO report this news, so if you check them out then you will find out things you didn't want to know. one way these exploits try to fly under the radar is person / device specific attacks. you may of been hacked already and don't know it. thats especially so for attacks that delete themselves when they are done.

 

[hoodafoo]

Has anyone actually ever been hacked? Still rolling on 16.7.2 on my 14 pro…. You don’t ever see any horror stories of people having their iPhone hacked because they didn’t update. At least I haven’t.

It just means you're not important

 

[N0ughtsAndCr0sses]

Has anyone actually ever been hacked? Still rolling on 16.7.2 on my 14 pro…. You don’t ever see any horror stories of people having their iPhone hacked because they didn’t update. At least I haven’t.

Poor people always don’t care about updates.

What are they gonna lose, the zeroes in the account? 🤣🤣🤣

 

[JohnC1959]

Poor people always don’t care about updates.

What are they gonna lose, the zeroes in the account? 🤣🤣🤣

I think maybe they're worried the update itself will have problems. While that's always possible the worst case would be trading one bug for another. The very nature of bug fix updates means they don't introduce anything new and it's the newer stuff that more likely introduces a bug. I can see skipping a major update and waiting for the minor bug update but it's silly to skip those bug ones.

 

[StevesBobs]

It's a repeating pattern.

- Minor Update.
- Security fix for a issue that minor update created after a couple weeks.

I get bugs happen but how do a few new emoji's, and a new built in app always create such big security flaws.
Sorry seems intentional at this point, almost like something the government is asking Apple to do.

 

[JohnC1959]

It's a repeating pattern.

- Minor Update.
- Security fix for a issue that minor update created after a couple weeks.

I get bugs happen but how do a few new emoji's, and a new built in app always create such big security flaws.
Sorry seems intentional at this point, almost like something the government is asking Apple to do.

For every new feature you see there can be dozens of low level changes you don't see. Some for performance, some to enable future features. But also, it can often be the case that the bug has been there for a long time (for multiple major releases) and is only just now found. It's very very likely that the security/bug fix was not to fix a problem caused by the prior minor update but for some much older uncaught bug.

 

[addamas]

Does anyone’s Mac also required typing iCloud password just after it finished update ?
Once again was trying to set up Apple Intelligence just after that + again moved Documents folder.

M3 Max there, updated from 15.4.0. Had weird pure black screen after update for a minute which was kinda scary compared to how it was before… lack of any progress bar during update is weird

 

[CarAnalogy]

Yeah. Whatever happened to those?

Seems they scared themselves right out of them after that last failed attempt. Fun lesson in trying to change your version number system late in the game.

 

[jayducharme]

Weird: after the update, I'm no longer receiving 2-factor authentication texts. I tried rebooting, but no luck. I'm still getting regular messages though.

Never mind. I'm a dope. After the last power-down I forgot to turn my iPhone back on. Everything's working fine.