Apple Releases Critical Security Updates for iOS and iPadOS: Update Now to Protect Your Devices
Apple has released crucial security updates to address two zero-day vulnerabilities in iOS and iPadOS. Learn why updating to iOS 18.4.1 or iPadOS 18.4.1 is essential for your device's security.
TL;DR
Apple has released a critical security update for iOS and iPadOS, addressing two zero-day vulnerabilities that have been exploited in sophisticated attacks. Users are urged to update to iOS 18.4.1 or iPadOS 18.4.1 immediately to protect their devices.
Critical Security Updates for iOS and iPadOS: Protect Your Devices Now
Apple has released a security update for iOS and iPadOS to address two zero-day vulnerabilities that have been exploited in highly sophisticated attacks against specific individuals. These vulnerabilities allowed attackers to bypass memory protections, potentially leading to complete control over targeted iPhones when combined with other unpatched vulnerabilities or malicious apps.
Affected Devices
The update is available for the following devices:
- iPhone XS and later
- iPad Pro 13-inch
- iPad Pro 13.9-inch 3rd generation and later
- iPad Pro 11-inch 1st generation and later
- iPad Air 3rd generation and later
- iPad 7th generation and later
- iPad mini 5th generation and later
How to Update
To ensure your device is protected, check for the latest software version by navigating to Settings > General > Software Update. Ensure you are on iOS 18.4.1 or iPadOS 18.4.1. If not, update immediately. It is also recommended to turn on Automatic Updates, which can be done on the same screen.
Technical Details
The Common Vulnerabilities and Exposures (CVE) database lists the zero-day vulnerabilities patched in these updates:
-
CVE-2025-31200: This vulnerability involves a memory corruption issue that could allow code execution when processing a maliciously crafted media file. It has been addressed with improved bounds checking.
-
CVE-2025-31201: This vulnerability could allow an attacker with arbitrary read and write capability to bypass Pointer Authentication. It has been addressed by removing the vulnerable code.
Given that both vulnerabilities were used in sophisticated attacks and patched simultaneously, it is likely they were chained together for successful exploitation.
Understanding Pointer Authentication
Apple’s Pointer Authentication (PA) is a hardware security feature designed to detect and prevent tampering with critical pointers in memory. When creating a pointer, the system adds a cryptographic signature (PAC) using secret keys. Before using the pointer, the system checks if the signature still matches.
A memory corruption issue can allow an attacker to modify a small portion of the device’s memory. In this case, the attacker likely used this capability to create a pointer that bypassed Pointer Authentication, redirecting it to their malicious code. Previous research has shown that attackers with full memory control can bypass Pointer Authentication.
Apple does not disclose security issues until an investigation has occurred and patches are available, to prevent attackers from reverse engineering the updates. This makes it crucial to update before these exploits are used in more widespread attacks.
Conclusion
Updating your iOS and iPadOS devices to the latest version is essential to protect against these critical vulnerabilities. Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS and Malwarebytes for Android today.
For more details, visit the full article: source
Additional Resources
For further insights, check out these authoritative sources: