On Wednesday, Apple released updates for most of its platforms: iOS 18.4.1, iPadOS 18.4.1, macOS 15.4.1, tvOS 18.4.1, and visionOS 2.4.1. They contain two fixes for vulnerabilities that could be exploited in real attacks, so it’s advisable to update your devices without further delay.
One of the fixed bugs concerns Apple’s audio framework, CoreAudio. This memory corruption issue allowed malicious media files to execute code while being processed as audio streams. The other concerns the Remote Participant Audio Control (RPAC) framework, which allows communication applications to control audio streams. This vulnerability allowed an attacker with arbitrary read/write capabilities to bypass pointer authentication (a security feature in Apple processors).
