{"id":34166,"date":"2025-04-19T23:46:09","date_gmt":"2025-04-19T23:46:09","guid":{"rendered":"https:\/\/www.europesays.com\/uk\/34166\/"},"modified":"2025-04-19T23:46:09","modified_gmt":"2025-04-19T23:46:09","slug":"new-ios-18-4-1-warning-you-have-18-days-to-update-your-iphone","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/uk\/34166\/","title":{"rendered":"New iOS 18.4.1 Warning\u2014You Have 18 Days To Update Your iPhone"},"content":{"rendered":"<p class=\"color-body light-text\" role=\"button\">The U.S. government is also warning about the two vulnerabilities fixed in iOS 18.4.1\u2014both of which &#8230; More are being exploited in real life attacks on iPhones.<\/p>\n<p>Apple iPhone<\/p>\n<p>Apple has already highlighted the importance of updating to <a href=\"https:\/\/www.forbes.com\/sites\/kateoflahertyuk\/2025\/04\/17\/ios-1841-apple-issues-new-update-warning-to-all-iphone-users\/\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/kateoflahertyuk\/2025\/04\/17\/ios-1841-apple-issues-new-update-warning-to-all-iphone-users\/\" target=\"_self\" aria-label=\"iOS 18.4.1\" rel=\"noopener\">iOS 18.4.1<\/a>, the emergency iPhone upgrade issued just days ago. But now the U.S. government is also warning about the two vulnerabilities fixed in iOS 18.4.1 \u2014 both of which are being exploited in real-life attacks.<\/p>\n<p>Government agency the <a class=\"color-link\" href=\"https:\/\/www.forbes.com\/sites\/kateoflahertyuk\/2025\/04\/16\/cve-program-funding-cut-what-it-means-and-what-to-do-next\/\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/kateoflahertyuk\/2025\/04\/16\/cve-program-funding-cut-what-it-means-and-what-to-do-next\/\" target=\"_self\" aria-label=\"Cybersecurity and Infrastructure Security Agency\" rel=\"noopener\">Cybersecurity and Infrastructure Security Agency <\/a>has added both the flaws fixed in iOS 18.4.1 to its <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" aria-label=\"Known Exploited Vulnerabilities Catalog\">Known Exploited Vulnerabilities Catalog<\/a>. In simple terms, this is an index of issues known to be used in real-life attacks that could be a risk to government agencies, businesses and individuals alike.<\/p>\n<p>CISA is also giving government agencies a deadline of May. 8 to update to iOS 18.4.1, to ensure the security of iPhones and other Apple devices being used in these scenarios.<\/p>\n<p>The <a href=\"https:\/\/www.forbes.com\/sites\/kateoflahertyuk\/2025\/03\/14\/ios-1832-deadline-you-have-19-days-to-update-your-iphone\/\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/kateoflahertyuk\/2025\/03\/14\/ios-1832-deadline-you-have-19-days-to-update-your-iphone\/\" target=\"_self\" aria-label=\"iOS 18.4.1 deadline\" rel=\"noopener\">iOS 18.4.1 deadline<\/a> is specifically for government agencies, but the agency advises businesses to use it as a benchmark too \u2014 and so should individuals who could be at risk from iPhone attacks.<\/p>\n<p>The Flaws Patched In The iOS 18.4.1 iPhone Update<\/p>\n<p>Apple\u2019s iOS 18.4.1 fixes two flaws that affect iPhones running operating system versions of <a href=\"https:\/\/www.forbes.com\/sites\/kateoflahertyuk\/2025\/04\/02\/ios-184-update-now-warning-issued-to-all-iphone-users\/\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/kateoflahertyuk\/2025\/04\/02\/ios-184-update-now-warning-issued-to-all-iphone-users\/\" target=\"_self\" aria-label=\"iOS 18.4\" rel=\"noopener\">iOS 18.4<\/a> or earlier. In case you are wondering, that\u2019s the version before iOS 18.4.1.<\/p>\n<p>The first is <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-31200\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/www.cve.org\/CVERecord?id=CVE-2025-31200\" aria-label=\"CVE-2025-31200,\">CVE-2025-31200, <\/a>a memory corruption vulnerability that affects multiple Apple products. If exploited in attacks, the flaw fixed in iOS 18.4.1 could allow an adversary to execute code on your device.<strong> <\/strong>\u201cApple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file,\u201d CISA said in its advisory.<\/p>\n<p>The agency advises<strong> <\/strong>\u201capplying mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\u201d<\/p>\n<p>The second flaw patched in iOS 18.4.1, <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-31201\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" data-ga-track=\"ExternalLink:https:\/\/www.cve.org\/CVERecord?id=CVE-2025-31201\" aria-label=\"CVE-2025-31201,\">CVE-2025-31201, <\/a>is an arbitrary read and write vulnerability.<strong> <\/strong>\u201cApple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication,\u201d CISA warned.<\/p>\n<p>Pointer Authentication is a security mechanism designed to resist memory disclosure attacks, says Adam Boynton, senior security strategy manager EMEIA at Jamf told me. \u201cBypassing it gives an attacker the opportunity to launch attacks and access to parts of the device\u2019s memory.\u201d<\/p>\n<p>Again, CISA is advising organizations to<strong> <\/strong>\u201capply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\u201d<\/p>\n<p>Update To iOS 18.4.1 To Keep Your iPhone Secure<\/p>\n<p>Apple says the flaws fixed in iOS 18.4.1 were used in targeted attacks on iOS devices. Some have speculated that these could have involved spyware, a type of malware that allows adversaries to see and hear everything you do on your device.<\/p>\n<p>The issues fixed in iOS 18.4.1 were likely targeted against journalists, government officials, dissidents and businesses in certain sectors. However, once the flaws\u2019 details are out there \u2014 as they are now the iOS 18.4.1 fixes have arrived \u2014 more attackers could use them more broadly.<\/p>\n<p>As CISA says, the types of vulnerabilities included in its KEV are \u201cfrequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.\u201d<\/p>\n<p>As well as FCEB agencies, CISA \u201cstrongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice.\u201d<\/p>\n<p>In other words, update to iOS 18.4.1 as soon as possible and before the deadline. Go to Settings &gt; General &gt; Software Update and upgrade your iPhone to iOS 18.4.1 now.<\/p>\n","protected":false},"excerpt":{"rendered":"The U.S. government is also warning about the two vulnerabilities fixed in iOS 18.4.1\u2014both of which &#8230; More&hellip;\n","protected":false},"author":2,"featured_media":34167,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3159],"tags":[19872,19873,19874,14395,19871,19869,19868,19875,19870,547,5744,53,16,15],"class_list":{"0":"post-34166","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-mobile","8":"tag-cisa-kev","9":"tag-cve-2025-31200","10":"tag-cve-2025-31201","11":"tag-ios-18-4-1","12":"tag-ios-18-4-1-cisa","13":"tag-ios-18-4-1-deadline","14":"tag-ios-18-4-1-should-i-upgrade","15":"tag-ios-18-4-1-spyware","16":"tag-ios-18-4-1-update-deadline","17":"tag-mobile","18":"tag-new-iphone-features","19":"tag-technology","20":"tag-uk","21":"tag-united-kingdom"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@uk\/114367298610104506","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts\/34166","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/comments?post=34166"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts\/34166\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/media\/34167"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/media?parent=34166"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/categories?post=34166"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/tags?post=34166"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}