Apple's iOS 18.4 update also comes with a warning to update now, because it fixes a hefty list of 60 ... More security vulnerabilities, some of which are serious.Apple iPhoneUpdate, April. 02, 2025: This story, originally published Mar. 31, now includes additional expert analysis on the flaws fixed iOS 18.4, information about bug fixes and details about the other updates issued by Apple.Apple has issued iOS 18.4, along with a number of cool new iPhone features. But the iOS 18.4 update also comes with a warning to update now, because it fixes a hefty list of 62 security vulnerabilities, some of which are serious.Apple doesnt give much detail about whats fixed in iOS 18.4, to give people as much time to update their iPhones as possible before attackers can get hold of the details. Among the fixes, the iOS 18.4 upgrade patches several critical bugs in WebKit, the engine that underpins the Safari browser and the Kernel at the heart of the iPhone operating system.Apples iOS 18.4 patches an issue in the iPhone Kernel tracked as tracked as CVE-2025-30432, that could see a malicious app able to attempt passcode entries on a locked device and cause escalating time delays after four failures.Tracked as CVE-2025-24208, a bug in WebKit could put you at risk from a cross site scripting where an attacker injects malicious scripts into a trusted website if you inadvertentlysupport page.The iOS 18.4 patches come less than a month after Apples emergency iPhone update 18.3.2, which fixed a flaw already being used in real-life attacks.Breaking Down The Bugs Squashed In iOS 18.4A significant number of the vulnerabilities fixed in iOS 18.4 were in WebKit. This shows that attackers continue to focus on exploiting the framework that downloads and presents web-based content, says Adam Boynton, senior security strategy manager EMEIA at Jamf.Another key iOS 18.4 fix is in the Kernel, which is crucial because it manages all operating system operations and hardware interactions on your iPhone, says Boynton. He points out that the bug fixed in iOS 18.4 is worrying, because it allows an attacker to attempt passcode entries despite the device being locked.The iOS 18.4 update also addresses vulnerabilities in Apples Core Media. This framework is commonly used to process media, supporting a broad set of apps and managing data queues in memory, says Boynton. By targeting these vulnerabilities, attackers can corrupt process memory and access sensitive information, he warns.Thankfully, there appear to be no publicly exploited vulnerabilities fixed in iOS 18.4, says Sean Wright, head of application security at Featurespace. While there are quite a few fixes, it is good to see them being addressed, he says.Some people might be alarmed by the number of security fixes being issued by Apple in recent times. However, Wright says this is a good thing. Vulnerabilities are part of software, the important part is that they are addressed in a timely manner. I think Apple has done a respectable job, he says.Wright does point out that some of the vulnerabilities patched in iOS 18.4 could impact a user when chained together. However, he says, these would have to be used in very targeted attacks.While Apple hasnt mentioned any instances of these vulnerabilities being exploited in real attacks, the CVEs are now public, Boynton says. Attackers will likely target devices that have yet to be updated, so downloading iOS 18.4 is essential for all users.Researcher Issues Warning About A New Setting Enabled By Default In iOS 18.4Shortly after the release of iOS 18.4, a security researcher noticed a new iPhone setting had been enabled by default.Apples iOS 18.4 introduced a new option in System Location Services called Improve Location Accuracy and it is enabled by default, security researcher Tommy Mysk wrote on X, formerly Twitter.You can find it under: Settings > Privacy & Security > Location Services > System Services.This option appears to enhance the Assisted GPS (aGPS) network by providing more precise GPS coordinates of nearby Wi-Fi networks and cell towers, Mysk wrote. Apple and Google devices rely on the aGPS database in areas where the GPS signal is weak.The iOS 18.4 feature isnt on for all users, but it makes sense to check your iPhone to see if yours is.Meanwhile, it is being reported that Apple Intelligence is enabled by default yet again in iOS 18.4. In both cases, once youve downloaded iOS 18.4, its a good idea to go to your settings and ensure these features are turned off, if you dont want to use them.To turn off Apple Intelligence now, go to Settings > Apple Intelligence and Siri and toggle off Apple Intelligence.Bug Fixes In iOS 18.4The iOS 18.4 update also comes with some fixes for annoying iPhone bugs. According to the iOS 18.4 release notes, these include several issues with Apple Intelligence.Another resolved issue is a problem where scrolling through Notifications might cause them to flicker or collapse momentarily. Meanwhile issues resolved in Apples voice assistant Siri include a problem where in non-English languages, some Siri suggestions might fail to complete successfully.Apple Issues iPadOS 17.7.6, iOS 16.7.11 And iOS 15.8.4Alongside iOS 18.4, Apple has issued iPadOS 17.7.6 for older devices the iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation. The update fixes a number of flaws, the most notable being an issue in CoreMedia that could allow a malicious application to elevate privileges, tracked as CVE-2025-24085. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2, the iPhone maker warns.Meanwhile, iOS 16.7.11 for the iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation fixes two issues used in real life attacks.Lastly, Apple has squashed the same bugs for very old devices in iOS 15.8.4.Other Updates Released By AppleAlongside iOS 18.4 and the updates for older iPhones and iPads, Apple released Safari 18.4 for macOS Ventura and macOS Sonoma, Xcode 16.3 for macOS Sequoia 15.2 and later, macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. It also issued tvOS 18.4 and visionOS 2.4 for its mixed reality headset.Why You Should Update To iOS 18.4 NowApples iOS 18.4 fixes more than 60 issues one of the biggest list of patches Ive seen from the iPhone maker in recent times. With such a high number of security fixes, we strongly recommend that users update their devices to iOS 18.4, says Boynton.Indeed, iOS 18.4 and the other upgrades issued alongside it include important security updates for your iPhone some of which have been used in real-life attacks. These vulnerabilities could potentially allow malicious code to run on affected devices, putting data at risk as well as the device itself at risk of a remote denial of service attack, says Jake Moore, global cybersecurity advisor at ESET.He recommends all users install the iOS 18.4 update as soon as possible to ensure devices remain protected against these known threats.I agree. Apples iOS 18.4 includes a long list of patched flaws, so its a good idea to apply it now. Go to your Settings > General > Software Update and download and install iOS 18.4 now to keep your iPhone safe.