
Apple has released emergency security updates for iOS, iPadOS, and macOS to patch two zero-day vulnerabilities that are reportedly being actively exploited in sophisticated, targeted attacks.
The two newly disclosed flaws are tracked as CVE-2025-31200 and CVE-2025-31201. Both were addressed on April 16, 2025, with the release of iOS 18.4.1, iPadOS 18.4.1, and macOS Sequoia 15.4.1. According to Apple, the vulnerabilities were used in “extremely sophisticated attacks” against specific individuals, underscoring their likely use in targeted surveillance or state-sponsored campaigns.
The first flaw, CVE-2025-31200, was found in CoreAudio, a core multimedia framework responsible for audio processing on Apple devices. Exploiting this vulnerability requires a specially crafted media file that, when processed, can lead to arbitrary code execution. Apple credits the discovery to its internal security team in collaboration with Google’s Threat Analysis Group, a unit known for uncovering spyware operations targeting high-risk users.
The second issue, CVE-2025-31201, affects RPAC (a system-level component tied to memory and authentication routines). It could allow attackers with arbitrary memory access to bypass Pointer Authentication, a hardware-based exploit mitigation feature present in Apple silicon devices. Apple resolved the problem by removing the vulnerable code entirely. This flaw was discovered internally by Apple’s own security researchers.
These two vulnerabilities follow three earlier zero-day fixes on Apple products this year:
- CVE-2025-24085 (CoreMedia privilege escalation in January)
- CVE-2025-24200 (USB Restricted Mode bypass in February)
- CVE-2025-24201 (WebKit sandbox escape in March)
Users are urged to update their devices to iOS 18.4.1, iPadOS 18.4.1, and macOS Sequoia 15.4.1 as soon as possible. These updates can be accessed through the standard Software Update mechanism in system settings.
To minimize exposure to such high-risk vulnerabilities, users, especially those who may be at risk of targeted attacks, should:
- enable Lockdown Mode for hardened protection against spyware
- avoid opening unknown or suspicious media files
- keep all devices and applications up to date
- limit physical access, and be cautious with third-party accessories and charging stations