iOS 18.4.1 and iPadOS 18.4.1
Juli Clover (iOS/iPadOS release notes, security, no enterprise, no developer):
There have been complaints about issues with CarPlay and deleted apps being restored, and iOS 18.4.1 includes several bug fixes. According to Apple’s release notes, the update includes bug fixes and security updates.
According to Apple, it is aware of reports that these vulnerabilities may have been actively exploited in the wild. Apple says that the security flaws were potentially used in an “extremely sophisticated attack against specific targeted individuals.”
One of the issues impacts CoreAudio, and involves a maliciously crafted audio file. Processing the audio stream in the media file could result in code execution. Apple fixed the memory corruption issue with improved bounds checking.
The other vulnerability affected pointer authentication code, and an attacker with arbitrary read and write capability could bypass the Pointer Authentication features that prevent memory from being tampered with. Apple removed the vulnerable code to prevent the exploit from working.
CVE-2025-31201 sounds like a different PAC issue than the one I mentioned last week.
If you have been experiencing issues with wireless CarPlay in your vehicle lately, it was likely due to a software bug that has now been fixed.
Update (2025-04-25): zadig:
Following the latest update from Apple, we reverse engineered the diff between iOS 18.4 and 18.4.1 to study the changes made to RPAC.
If you would have told me last month that the PAC bypass was in libR(emove)PAC.dylib I would’ve thought you were doing a bit.
Update (2025-05-05): Stephan Casas:
Yesterday I lost two hours to the URLSession bug in iOS 18.4, so I’ve got pretty big expectations for Craig’s hair at WWDC.
Apple has known about this Simulator-only bug for surely 6 months, people spend countless time re-discovering it one by one because there is no public issue tracker, and it is unfixed.