Apple’s iOS 18.4 update also comes with a warning to update now, because it fixes a hefty list of 60 … More security vulnerabilities, some of which are serious.<\/p>\n
Apple iPhone<\/p>\n
Update, April. 01, 2025: This story, originally published Mar. 31, now includes additional expert analysis on the flaws fixed iOS 18.4, as well as details about the other updates issued by Apple.<\/p>\n
Apple has issued iOS 18.4, along with a number of cool new iPhone features. But the iOS 18.4 update<\/a> also comes with a warning to update now, because it fixes a hefty list of 62 security vulnerabilities, some of which are serious.<\/p>\n Apple doesn\u2019t give much detail about what\u2019s fixed in iOS 18.4, to give people as much time to update their iPhones as possible before attackers can get hold of the details. Among the fixes, the iOS 18.4 upgrade patches several critical bugs in WebKit, the engine that underpins the Safari browser \u2014 and the Kernel at the heart of the iPhone operating system.<\/p>\n Apple\u2019s iOS 18.4 patches an issue in the iPhone Kernel tracked as tracked as CVE-2025-30432, that could see a malicious app able to attempt passcode entries on a locked device and cause escalating time delays after four failures.<\/p>\n Tracked as CVE-2025-24208, a bug in WebKit could put you at risk from a cross-site scripting attack<\/a> \u2014 where an attacker injects malicious scripts into a trusted website \u2014 if you inadvertently <\/strong>load a malicious iframe, Apple warns on its support page<\/a>.<\/p>\n The iOS 18.4 patches come less than a month after Apple\u2019s emergency iPhone update 18.3.2<\/a>, which fixed a flaw already being used in real-life attacks<\/a>.<\/p>\n Breaking Down The Bugs Squashed In iOS 18.4<\/p>\n A significant number of the vulnerabilities fixed in iOS 18.4 were in WebKit. This shows that attackers continue to focus on exploiting the framework that downloads and presents web-based content, says Adam Boynton, senior security strategy manager EMEIA at Jamf.<\/p>\n Another key iOS 18.4 fix is in the Kernel, which is \u201ccrucial\u201d because it manages all operating system operations and hardware interactions on your iPhone, says Boynton. He points out that the bug fixed in iOS 18.4 is worrying, because it \u201callows an attacker to attempt passcode entries despite the device being locked.\u201d<\/p>\n The iOS 18.4 update also addresses vulnerabilities in Apple\u2019s Core Media. This framework is commonly used to process media, supporting a broad set of apps and managing data queues in memory, says Boynton. \u201cBy targeting these vulnerabilities, attackers can corrupt process memory and access sensitive information,\u201d he warns.<\/p>\n While Apple hasn\u2019t mentioned any instances of these vulnerabilities being exploited in real attacks, the CVEs are now public, Boynton says. \u201cAttackers will likely target devices that have yet to be updated, so downloading iOS 18.4 is essential for all users.\u201d<\/p>\n Apple Issues iPadOS 17.7.6, iOS 16.7.11 And iOS 15.8.4<\/p>\n