Apple’s iOS 18.4 update also comes with a warning to update now, because it fixes a hefty list of 60 … More security vulnerabilities, some of which are serious.

Apple iPhone

Update, April. 01, 2025: This story, originally published Mar. 31, now includes additional expert analysis on the flaws fixed iOS 18.4, as well as details about the other updates issued by Apple.

Apple has issued iOS 18.4, along with a number of cool new iPhone features. But the iOS 18.4 update also comes with a warning to update now, because it fixes a hefty list of 62 security vulnerabilities, some of which are serious.

Apple doesn’t give much detail about what’s fixed in iOS 18.4, to give people as much time to update their iPhones as possible before attackers can get hold of the details. Among the fixes, the iOS 18.4 upgrade patches several critical bugs in WebKit, the engine that underpins the Safari browser — and the Kernel at the heart of the iPhone operating system.

Apple’s iOS 18.4 patches an issue in the iPhone Kernel tracked as tracked as CVE-2025-30432, that could see a malicious app able to attempt passcode entries on a locked device and cause escalating time delays after four failures.

Tracked as CVE-2025-24208, a bug in WebKit could put you at risk from a cross-site scripting attack — where an attacker injects malicious scripts into a trusted website — if you inadvertently load a malicious iframe, Apple warns on its support page.

The iOS 18.4 patches come less than a month after Apple’s emergency iPhone update 18.3.2, which fixed a flaw already being used in real-life attacks.

Breaking Down The Bugs Squashed In iOS 18.4

A significant number of the vulnerabilities fixed in iOS 18.4 were in WebKit. This shows that attackers continue to focus on exploiting the framework that downloads and presents web-based content, says Adam Boynton, senior security strategy manager EMEIA at Jamf.

Another key iOS 18.4 fix is in the Kernel, which is “crucial” because it manages all operating system operations and hardware interactions on your iPhone, says Boynton. He points out that the bug fixed in iOS 18.4 is worrying, because it “allows an attacker to attempt passcode entries despite the device being locked.”

The iOS 18.4 update also addresses vulnerabilities in Apple’s Core Media. This framework is commonly used to process media, supporting a broad set of apps and managing data queues in memory, says Boynton. “By targeting these vulnerabilities, attackers can corrupt process memory and access sensitive information,” he warns.

While Apple hasn’t mentioned any instances of these vulnerabilities being exploited in real attacks, the CVEs are now public, Boynton says. “Attackers will likely target devices that have yet to be updated, so downloading iOS 18.4 is essential for all users.”

Apple Issues iPadOS 17.7.6, iOS 16.7.11 And iOS 15.8.4

Alongside iOS 18.4, Apple has issued iPadOS 17.7.6 for older devices the iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation. The update fixes a number of flaws, the most notable being an issue in CoreMedia that could allow a malicious application to elevate privileges, tracked as CVE-2025-24085. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2,” the iPhone maker warns.

Meanwhile, iOS 16.7.11 for the iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation fixes two issues used in real life attacks.

Lastly, Apple has squashed the same bugs for very old devices in iOS 15.8.4.

Other Updates Released By Apple

Alongside iOS 18.4 and the updates for older iPhones and iPads, Apple released Safari 18.4 for macOS Ventura and macOS Sonoma, Xcode 16.3 for macOS Sequoia 15.2 and later, macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. It also issued tvOS 18.4 and visionOS 2.4 for its mixed reality headset.

Why You Should Update To iOS 18.4 Now

Apple’s iOS 18.4 fixes more than 60 issues — one of the biggest list of patches I’ve seen from the iPhone maker in recent times. “With such a high number of security fixes, we strongly recommend that users update their devices to iOS 18.4,” says Boynton.

Indeed, iOS 18.4 and the other upgrades issued alongside it include important security updates for your iPhone — some of which have been used in real-life attacks. “These vulnerabilities could potentially allow malicious code to run on affected devices, putting data at risk as well as the device itself at risk of a remote denial of service attack,” says Jake Moore, global cybersecurity advisor at ESET.

He recommends all users install the iOS 18.4 update “as soon as possible to ensure devices remain protected against these known threats.”

I agree. Apple’s iOS 18.4 includes a long list of patched flaws, so it’s a good idea to apply it now. Go to your Settings > General > Software Update and download and install iOS 18.4 now to keep your iPhone safe.