On Wednesday, Apple released new software updates for iPhone, iPad, Mac, Apple TV, and Vision Pro. While it might seem like these updates are quite small, each contains two very important patches for serious security vulnerabilities on your devices.
Apple’s latest security patches
Apple releases five updates across these device categories: That’s iOS 18.4.1 for iPhones, iPadOS 18.4.1 for iPads, macOS Sequoia 15.4.1 for Macs, tvOS 18.4.1 for Apple TVs, and visionOS 2.4.1 for Vision Pros. Despite the fact that these are all different updates for different devices, the security updates are exactly the same on each.
All updates patch two security vulnerabilities across devices. The first, tracked as CVE-2025-31200, is a flaw affecting CoreAudio—Apple’s API for handling audio. Actors who know about the vulnerability can create a malicious media file for Apple devices to play. When the device processes the audio stream, it allows for code execution, which means attackers can run their code on your machine.
The second vulnerability is tracked as CVE-2025-31201, and affects RPAC. PACs, or Pointer Authentication Codes, are a security feature that can help prevent bad actors from exploiting memory corruption flaws. A bad actor aware of the flaw can bypass Pointer Authentication. Apple addressed the flaw by removing the compromised code across its different OSes.
The reason both of these flaws are particularly serious is that they are actively exploited. Ideally, companies like Apple identify flaws before anyone else does, and issue patches before those flaws are disclosed. Sometimes, however, bad actors discover flaws like the ones above before companies have a chance to patch them, and exploit them in targeted attacks. In these two cases, Apple says bad actors exploited these flaws “in an extremely sophisticated attack against specific targeted individuals on iOS,” which is the same language the company used for flaws it patched with iOS 18.3.2.
In addition to the security patches, iOS 18.4.1 also patches a “rare” bug that might prevent wireless CarPlay connections in certain cars.
This security update follows the security patches Apple included with software updates like iOS 18.4 and macOS Sequoia. Apple’s iOS and iPadOS updates patched 60 security vulnerabilities, while its Mac update patched more than 120. Luckily, none of those were known to be actively exploited at the time.
Security patches vs. software updates
Some platforms separate security patches and software updates as two distinct processes. Not Apple. Usually, the company couples security patches and software updates together, which creates some interesting situations. You can have a feature-filled software update that is also full of security patches, a feature-filled software update with few (or no) security patches, or a software update with few (or no) features, and any number of security patches.
There is an exception to this rule: Apple’s Rapid Security Responses. These are strictly security patches—not feature updates—and are deployed when it’s absolutely critical to patch a security flaw on customers’ devices. You’ll know when one of these hits your device, since it not only says “Security Response,” but also includes an (a) to denote this isn’t a standard update.
This isn’t a Security Response, though: This is an update, that just so happens to be a security patch. I know—not confusing at all.
How to install a security patch on your Apple device
Again, these security patches are really just software updates. As such, you can install these patches just as you would any other Apple update. On most Apple devices, you can head to Settings (System Settings for macOS) > General > Software Update, then follow the on-screen instructions to download and install the latest update.
Jake Peterson
Senior Technology Editor
Jake Peterson is Lifehacker’s Senior Technology Editor. He has a BFA in Film & TV from NYU, where he specialized in writing. Jake has been helping people with their technology professionally since 2016, beginning as a technical specialist at New York’s 5th Avenue Apple Store, then as a writer for the website Gadget Hacks. In that time, he wrote and edited thousands of news and how-to articles about iPhones and Androids, including reporting on live demos from product launches from Samsung and Google. In 2021, he moved to Lifehacker and covers everything from the best uses of AI in your daily life to which MacBook to buy. His team covers all things tech, including smartphones, computers, game consoles, and subscriptions. He lives in Connecticut.
