Apple has released iOS 18.4.1, a minor yet crucial update that fixes a CarPlay issue and addresses several serious security flaws, making it essential for all iPhone users to install.
Following the release of iOS 18.4 earlier this month, numerous iPhone and CarPlay users reported experiencing random connection problems and other issues. Some users encountered disconnections and reconnections with CarPlay, while others saw a blank CarPlay screen. Apple described the update as addressing “a rare issue that prevents wireless CarPlay connection in certain vehicles.”
The latest update resolves two significant security vulnerabilities that have been exploited in targeted attacks. The first, CVE-2025-31200, involves a scenario where “processing an audio stream in a maliciously crafted media file may result in code execution.” This occurs when an attacker crafts a media file with malware using Apple’s CoreAudio framework. Upon launching the file, the malicious code is triggered, granting the attacker access to the device. Apple noted that this vulnerability may have been used in a highly sophisticated attack against specific individuals on iOS. To fix this bug, the company addressed a memory corruption issue that allowed a program to modify memory and execute malicious code.
The second security flaw, CVE-2025-31201, allows “an attacker with arbitrary read and write capability [to] be able to bypass Pointer Authentication.” Pointer Authentication is a protective measure designed to prevent attacks that corrupt system memory. Exploiting this flaw enables an attacker to access memory by bypassing this protection, potentially running malicious code or stealing sensitive data. This vulnerability was also used in attacks against targeted individuals. Apple resolved the issue by removing the vulnerable code.
Typically, such vulnerabilities are exploited in highly targeted attacks against high-profile individuals like political figures and journalists. However, these flaws pose a significant threat to the security of Apple devices, emphasizing the importance of installing the update for all users. While the CarPlay fix is specific to iOS, the security patches apply to other Apple products as well. Consequently, Apple has also updated iPadOS, MacOS, TVOS, and VisionOS. Users of these operating systems and associated devices are advised to download and install the latest updates.
