Update your iPhone now to patch a CarPlay glitch and two serious security flaws


Maria Diaz/ZDNET

Apple has rolled out its latest iPhone update, iOS 18.4.1. Though the update is minor, you’ll want to install it, as it patches a CarPlay glitch and several dangerous security flaws.


After the release of iOS 18.4 earlier this month, many iPhone and CarPlay users started complaining of random connection problems and other hiccups. Some people reported that CarPlay would disconnect and reconnect, while others revealed that the CarPlay screen would appear blank. In its description of iOS 18.4.1, Apple said the update “addresses a rare issue that prevents wireless CarPlay connection in certain vehicles.”

With that bug hopefully solved, let’s move on to the more urgent matter of security vulnerabilities. The latest update deals with two serious flaws already used in targeted attacks.


The first flaw, CVE-2025-31200, is described as “processing an audio stream in a maliciously crafted media file may result in code execution.” This describes an attack in which a crafted media file abuses Apple’s CoreAudio framework to deliver malicious code. Any iPhone user who launches the file would trigger the malicious code, allowing the attacker to access the device.

This vulnerability may have been exploited in an “extremely sophisticated attack against specific targeted individuals on iOS,” according to Apple. To squash this bug, the company fixed a memory corruption issue, a problem in which a program can modify memory to execute malicious code.

The second flaw, CVE-2025-31201, means “an attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.” Pointer Authentication is a type of protection designed to thwart attacks that try to corrupt system memory. With the flaw exploited, an attacker can gain access to memory by skirting past this protection. That means they can then run malicious code or steal sensitive data.

This vulnerability was also found to have been used in attacks against targeted individuals. Apple fixed the glitch by removing the vulnerable code.


Typically, these flaws would be used only in highly targeted attacks against political figures, journalists, and other prominent individuals. However, the vulnerabilities pose serious threats to the security of Apple devices, so all users should install the update.

The CarPlay fix is only for iOS, but the two security patches apply to other Apple products. As such, Apple has updated iPadOS, macOS, tvOS, and visionOS. If you use any of those operating systems and the associated devices, download and install the latest update.





