Apple has rolled out its latest iPhone update, iOS 18.4.1, a minor but crucial release that patches a CarPlay glitch and several dangerous security flaws, making it essential for all users to install the update.
After the release of iOS 18.4 earlier this month, many iPhone and CarPlay users started complaining of random connection problems and other hiccups. Some people reported that CarPlay would disconnect and reconnect, while others revealed that the CarPlay screen would appear blank. In its description of iOS 18.4.1, Apple said the update “addresses a rare issue that prevents wireless CarPlay connection in certain vehicles.”
The latest update deals with two serious security flaws already used in targeted attacks. The first flaw, CVE-2025-31200, is described as “processing an audio stream in a maliciously crafted media file may result in code execution.” That process refers to an attacker who uses Apple’s CoreAudio framework to create a media file containing malware. Any iPhone user who launches the file would trigger the malicious code, allowing the attacker to access the device. This vulnerability may have been exploited in an “extremely sophisticated attack against specific targeted individuals on iOS,” according to Apple. To squash this bug, the company fixed a memory corruption issue, a problem in which a program can modify memory to execute malicious code.
The second flaw, CVE-2025-31201, means “an attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.” Pointer Authentication is a type of protection designed to thwart attacks that try to corrupt system memory. With the flaw exploited, an attacker can gain access to memory by skirting past this protection. That means they can then run malicious code or steal sensitive data. This vulnerability was also found to have been used in attacks against targeted individuals. Apple fixed the glitch by removing the vulnerable code.
Typically, these flaws would be used only in highly targeted attacks against political figures, journalists, and other prominent individuals. However, the vulnerabilities pose serious threats to the security of Apple devices, so all users should install them. The CarPlay fix is only for iOS, but the two security patches apply to other Apple products. As such, Apple has updated iPadOS, MacOS, TVOS, and VisionOS. If you use any of those operating systems and the associated devices, download and install the latest update.
