logo
Home/News/News article/

Apple fixes two zero-days exploited in targeted iPhone attacks

Apple

Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an "extremely sophisticated attack" against specific targets' iPhones.

The two vulnerabilities are in CoreAudio (CVE-2025-31200) and RPAC (CVE-2025-31201), with both bugs impacting iOS, macOS, tvOS, iPadOS, and visionOS.

"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS," reads an Apple security bulletin released today.

The CVE-2025-31200 flaw in CoreAudio was discovered by Apple and the Google Threat Analysis team. It can be exploited by processing an audio stream in a maliciously crafted media file to execute remote code on the device.

The company also fixed CVE-2025-31201, which Apple discovered. It is a bug in RPAC that allows attackers with read or write access to bypass Pointer Authentication (PAC), an iOS security feature that helps protect against memory vulnerabilities.

Apple has not shared further details on how the flaws were exploited in attacks. BleepingComputer contacted Apple and Google with questions about flaws but has not received a response.

Both vulnerabilities were fixed in iOS 18.4.1, iPadOS 18.4.1, tvOS 18.4.1, macOS Sequoia 15.4.1, and visionOS 2.4.1.

The list of devices impacted by these zero-days is extensive, impacting older and newer models:

  • iPhone XS and later
  • iPad Pro 13-inch, iPad Pro 13.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • macOS Sequoia
  • Apple TV HD and Apple TV 4K (all models)
  • Apple Vision Pro

Even though these zero-day flaws were exploited in highly targeted attacks, users are still strongly advised to install them as soon as possible.

With these vulnerabilities, Apple has fixed five zero-days since the start of the year, the first in January (CVE-2025-24085),  the second in February (CVE-2025-24200), and the third in March (CVE-2025-24201).

Free online web security scanner

Top News: