“Beware: Your iPhone Update May Be a Double-Edged Sword. Apple recently rolled out the latest iOS 18.4 update, promising to squash pesky bugs and bring much-needed improvements to your iPhone experience. However, a recent report from Forbes has shed light on an unexpected issue that’s left many users questioning the wisdom of the update. According to the report, a fix for one bug has inadvertently introduced a new problem, leaving users to wonder if the update is a blessing or a curse. In this article, we’ll break down the details of the iOS 18.4 update and what it means for iPhone users. Is the update worth the risk, or should you hold off for now?”
New iPhone Update Alert: iOS 18.4
Morningpicker has received reports from Forbes that Apple has released the latest iPhone update, iOS 18.4, which fixes bugs but adds one problem for some users.
About two weeks ago, Apple surprised many by releasing iOS 18.3.2, which was not predicted by many experts and its content was unknown until now. It appears that Apple has released the iOS 18.4 update, which includes a list of security fixes.
The entire iOS 18 release works with any iPhone from the iPhone Xs from 2018 onwards. That means the iPhone Xs, iPhone Xs Max and iPhone Xr and all iPhones after that, including the iPhone SE in both its second- and third-generation models right up to the brand-new iOS 16e.
What’s New in iOS 18.4
The latest iPhone update, iOS 18.4, includes a list of bug fixes and security patches, but also adds one problem for some users. Apple Intelligence, a feature that was previously deactivated by some users, is now enabled by default in iOS 18.4.
This means that users who previously turned off Apple Intelligence will now find that it is enabled, and they will need to turn it off again manually. Additionally, Apple Intelligence requires storage space of up to 7GB, which could be a nuisance for users with limited storage space.
The iOS 18.4 update also includes a warning to update now, as it fixes a list of 62 security vulnerabilities, some of which are serious. Apple doesn’t give much detail about what’s fixed in iOS 18.4, to give people as much time to update their iPhones as possible before attackers can get hold of the details.
Security Vulnerabilities Fixed
The iOS 18.4 update patches several critical bugs in WebKit, the engine that underpins the Safari browser, and the Kernel at the heart of the iPhone operating system. Apple’s iOS 18.4 patches an issue in the iPhone Kernel tracked as CVE-2025-30432, that could see a malicious app able to attempt passcode entries on a locked device and cause escalating time delays after four failures.
Tracked as CVE-2025-24208, a bug in WebKit could put you at risk from a cross-site scripting—where an attacker injects malicious scripts into a trusted website—if you inadvertently load a malicious iframe, Apple warns on its support page.
Adam Boynton, senior security strategy manager EMEIA at Jamf, says that a significant number of the vulnerabilities fixed in iOS 18.4 were in WebKit. This shows that attackers continue to focus on exploiting the framework that downloads and presents web-based content.
Breaking Down the Bugs Squashed in iOS 18.4
WebKit Vulnerabilities
The iOS 18.4 update patches several critical bugs in WebKit, the engine that underpins the Safari browser. These bugs could put users at risk from cross-site scripting and malicious iframe attacks.
Tracked as CVE-2025-24208, a bug in WebKit could put you at risk from a cross-site scripting—where an attacker injects malicious scripts into a trusted website—if you inadvertently load a malicious iframe, Apple warns on its support page.
Adam Boynton, senior security strategy manager EMEIA at Jamf, says that this bug is worrying because it “allows an attacker to attempt passcode entries despite the device being locked.”
Kernel Vulnerabilities
The iOS 18.4 update patches an issue in the iPhone Kernel tracked as CVE-2025-30432, that could see a malicious app able to attempt passcode entries on a locked device and cause escalating time delays after four failures.
Adam Boynton, senior security strategy manager EMEIA at Jamf, says that this bug is worrying because it “allows an attacker to attempt passcode entries despite the device being locked.”
This means that users who have a locked device could be at risk from malicious apps that attempt to guess their passcode.
Core Media Vulnerabilities
The iOS 18.4 update patches vulnerabilities in Apple’s Core Media framework, which is commonly used to process media, supporting a broad set of apps and managing data queues in memory.
Adam Boynton, senior security strategy manager EMEIA at Jamf, says that by targeting these vulnerabilities, attackers can corrupt process memory and access sensitive information.
This means that users who use apps that rely on Core Media could be at risk from malicious attacks that attempt to exploit these vulnerabilities.
Implications for iPhone Users
Morningpicker has received expert analysis from Adam Boynton, senior security strategy manager EMEIA at Jamf, on the implications of the iOS 18.4 update for iPhone users.
Adam Boynton says that the iOS 18.4 update patches several critical bugs in WebKit and the iPhone Kernel, which could put users at risk from malicious attacks.
He also notes that the update patches vulnerabilities in Apple’s Core Media framework, which could allow attackers to corrupt process memory and access sensitive information.
Practical Aspects of iOS 18.4
How to Get the Update
To get the iOS 18.4 update, users can follow these steps:
- Go to the iPhone’s Settings app
- Choose General
- Choose Software Update
- Click Download and Install
The update is a medium-sized update, 704.6MB on my iPhone 16 Pro Max, which downloaded and installed in a matter of minutes.
What’s in the Release
Apple’s notes are always key when it comes to one of the smaller releases, which this is. They are concise, reading, “This update provides important bug fixes, security updates, and addresses an issue that may prevent playback of some streaming content.”
Security details always follow later, so the streaming issue is the thing to cling onto. Apple doesn’t say whether the issue is restricted to particular services or programming—though presumably if it had been happening with something seismic like Severance on Apple TV+ we’d have heard about it.
But it’s obviously meaningful enough for Apple to mention it specifically.
Expert Analysis
Morningpicker has received expert analysis from Adam Boynton, senior security strategy manager EMEIA at Jamf, on the iOS 18.4 update.
Adam Boynton says that the iOS 18.4 update patches several critical bugs in WebKit and the iPhone Kernel, which could put users at risk from malicious attacks.
He also notes that the update patches vulnerabilities in Apple’s Core Media framework, which could allow attackers to corrupt process memory and access sensitive information.
Researcher Issues Warning About a New Setting Enabled by Default in iOS 18.4
Shortly after the release of iOS 18.4, a security researcher noticed a new iPhone setting had been enabled by default.
“Apple’s iOS 18.4 introduced a new option in System Location Services called Improve Location Accuracy and it is enabled by default,” security researcher Tommy Mysk wrote on X.
You can find it under: Settings > Privacy & Security > Location Services.
Conclusion
The iOS 18.4 update patches several critical bugs in WebKit and the iPhone Kernel, which could put users at risk from malicious attacks.
The update also patches vulnerabilities in Apple’s Core Media framework, which could allow attackers to corrupt process memory and access sensitive information.
Morningpicker advises all iPhone users to update to iOS 18.4 as soon as possible to protect their devices from these security risks.
How to Update to iOS 18.4
In the iPhone’s Settings app, choose General, then choose Software Update. After that, click Download and Install, and let the software download. This is a medium-sized update, 704.6MB on my iPhone 16 Pro Max, which downloaded and installed in a matter of minutes.
New iPhone Setting Enabled by Default
Apple’s iOS 18.4 introduced a new option in System Location Services called Improve Location Accuracy and it is enabled by default, security researcher Tommy Mysk wrote on X, formerly Twitter. You can find it under: Settings > Privacy & Security > Location Services.
Why does this matter? Well, first, the software should be smart enough to know you’ve turned it off before or at the very least offer a screen which asks if you want Apple Intelligence rather than activating it. Second, Apple Intelligence needs storage space of up to 7GB and this could be a nuisance.
Best Practices for iPhone Security
Tips and recommendations for maintaining iPhone security and protecting against potential threats include:
- Keep your iPhone and its software up to date
- Use strong passwords and enable two-factor authentication
- Websites you visit should be secure and have a valid SSL certificate
- Be cautious when downloading and installing apps from the App Store
- Back up your iPhone regularly
Expert Analysis and Insights
Expert Reaction to iOS 18.4
Adam Boynton, senior security strategy manager EMEIA at Jamf, says that the significant number of vulnerabilities fixed in iOS 18.4 were in WebKit, showing that attackers continue to focus on exploiting the framework that downloads and presents web-based content.
Implications for the Future of iPhone Security
Sean Wright, head of application security at Featurespace, says that the iOS 18.4 update is a good thing, as it addresses vulnerabilities in a timely manner. He also warns that some of the vulnerabilities patched in iOS 18.4 could impact a user when chained together, but these would have to be used in “very targeted attacks.”
Recommendations for iPhone Users
Wright advises that downloading iOS 18.4 is essential for all users, as attackers will likely target devices that have yet to be updated.
Additional Updates and Related News
Previous iPhone Update: iOS 18.3.2
The previous iPhone update, iOS 18.3.2, was released on Tuesday, March 11, and caught most people on the hop. Since its release, it’s now become apparent that the update also does something you might find frustrating: it turns Apple Intelligence on even if you’ve previously deactivated it.
Related Security News
A roundup of related security news and updates, including news on other Apple devices and platforms, can be found at Morningpicker.com.
Conclusion
As the latest iOS 18.4 update has been rolled out, reports have begun to surface about the update’s impact on iPhone users. According to a recent article, the update fixes several bugs but introduces a new problem that has left some users concerned. The article highlights the importance of staying informed about software updates and the potential consequences of ignoring them. By analyzing the update’s features and drawbacks, users can make informed decisions about whether to install the update and how to mitigate any potential issues.
The significance of the iOS 18.4 update lies in its ability to improve the overall performance of iPhones while also introducing new features. However, the addition of a problem that may cause inconvenience to some users serves as a reminder of the importance of careful testing and evaluation before releasing a software update. As technology continues to evolve, it is essential for users to stay vigilant and informed about the latest updates, not just to avoid potential problems but also to take advantage of the benefits they offer.