Today's iOS/iPadOS 18.1.1 and macOS 15.1.1 updates are joined by visionOS 2.1.1 and iOS/iPadOS 17.7.2, which also address vulnerabilities in those platforms. As with most security fixes, it's a good idea to update to these as soon as possible. However, that's particularly true in this case, as they fix two issues Apple believes have already been exported by hackers and cybercriminals.
According to the security release notes for iOS 18.1.1 and iPadOS 18.1.1, both address problems in JavaScriptCore and WebKit that could lead to "arbitrary code execution." It's unclear how widely known these vulnerabilities are, but Apple notes it's "aware of a report that this issue may have been actively exploited on Intel-based Mac systems."
While that doesn't pertain to the iPhone and iPad, the same problem has been fixed in the macOS Sequoia 15.1.1 update. More importantly, the vulnerability does exist in iOS, iPadOS, and visionOS, which means if it hasn't been exploited yet, it soon will be.
This is the number one reason that you should always apply Apple's security patches as soon as they become available. Even if the security vulnerabilities that have been patched by iOS 18.1.1 and the rest weren't known by anybody but "white hat" security researchers and Apple software engineers, today's security release notes have just disclosed them to the whole world -- including all the bad actors who will now try to exploit them against unpatched devices.
This is especially true with these latest vulnerabilities. While many security issues are more challenging to exploit, problems in JavaScript and WebKit libraries can be like shooting fish in a barrel for malicious hackers, as they require little more than building exploits into web pages and then convincing unsuspecting iPhone and iPad users to open them in Safari.
One silver lining is that it appears this latest macOS vulnerability only applies to Sequoia, as Apple has not released similar patches for Sonoma and Ventura. These two older Mac operating systems received security updates in late October to patch a much longer list of problems that were also addressed in macOS Sequoia 15.1.
However, these problems do exist in iOS 17 and iPadOS 17, so even if you've decided to give iOS/iPadOS 18 a pass, you should check for updates and install iOS 17.7.2 and iPadOS 17.7.2 as soon as possible.
As is typically the case with sub-point releases like this, there aren't likely any new features in iOS 18.1.1 or the other updates. Apple hasn't even noted any bug fixes, so this one has clearly been pushed out to plug these relatively important security holes before cybercrooks can take advantage of them.
It's not known yet if the latest iOS 18.2 and macOS 15.2 betas include have patched these vulnerabilities. They'll probably be addressed in the next beta, which could show up any day now, and certainly in place by the time those updates are released to the public early next month.