If you haven’t refreshed your iPhone recently, this is the perfect moment to do so.

On Wednesday, April 16, Apple launched iOS 18.4.1, a vital update that resolves two serious zero-day vulnerabilities—security weaknesses that were already being actively exploited by hackers prior to the release of the patch.

In a statement available on its website, Apple acknowledged that both vulnerabilities had been leveraged in “extremely sophisticated attacks” aimed at specific individuals. The company highlighted the urgency of the update, pointing out that these exploits present a considerable risk to user security.

The two vulnerabilities concern Core Audio (CVE-2025-31200) and Return Pointer Authentication Code (RPAC) (CVE-2025-31201). Core Audio is the framework Apple utilizes for managing audio processing across its devices. The first vulnerability permitted attackers to execute harmful code on a device just by having it process a specially crafted audio file.

The second vulnerability focuses on RPAC, a security feature intended to thwart attackers from commandeering legitimate code. This exploit enabled hackers with read and write access to circumvent the Pointer Authentication mechanism, potentially gaining greater control over the device.

These security concerns do not solely impact iPhones. Apple has confirmed that the same vulnerabilities affect other devices, such as certain iPad models, Apple TV, Apple Vision Pro, and Macs operating on macOS Sequoia. Updates for all impacted devices have been rolled out and are currently available.

To remain secure, users are strongly advised to install the latest updates without delay.