Critical Patches Released Amid Security Risks!

Apple has rolled out emergency security updates to address two zero-day vulnerabilities exploited in highly targeted attacks against select iPhone users. This bold move underscores the company's commitment to protecting its customers from advanced threats.

What You Need to Know About the Flaws!

The vulnerabilities, identified as CVE-2025-31200 and CVE-2025-31201, impact a range of operating systems including iOS, macOS, tvOS, iPadOS, and visionOS. In a security bulletin, Apple acknowledged the threats stemming from these vulnerabilities, stating that they were used in an "extremely sophisticated attack" on specific individuals.

Inside the Technical Details!

CVE-2025-31200, a flaw related to CoreAudio, enables attackers to exploit maliciously crafted media files, allowing them to execute remote code on the targeted device through audio streams. Discovered in collaboration with Google's Threat Analysis team, this vulnerability poses a serious risk to users.

The second vulnerability, CVE-2025-31201, is found in the RPAC system. This bug enables attackers with specific read or write access to sidestep Pointer Authentication (PAC), a crucial iOS security feature that guards against memory vulnerabilities.

Are You Affected? Check Your Devices!

Apple’s update has patched both vulnerabilities in the latest versions: iOS 18.4.1, iPadOS 18.4.1, tvOS 18.4.1, macOS Sequoia 15.4.1, and visionOS 2.4.1. A wide array of devices are affected by these security flaws, including:

- iPhone XS and newer models - iPad Pro 13-inch and newer, iPad Pro 11-inch 1st generation and newer - iPad Air 3rd generation and newer - iPad 7th generation and newer - iPad mini 5th generation and newer - All models of Apple TV HD and Apple TV 4K - Apple Vision Pro