Apple has rolled out important security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS. These updates fix two serious vulnerabilities that attackers have already been using in real-world, targeted attacks.
Details of the Vulnerabilities
The two flaws carry high severity scores and pose serious security risks:
- CVE-2025-31200 (CVSS 7.5): This is a memory corruption issue in the Core Audio framework. It could allow attackers to execute malicious code by tricking the system into processing a harmful audio stream.
- CVE-2025-31201 (CVSS 6.8): This flaw lies in the RPAC component. It may let attackers with read/write access bypass Pointer Authentication, a key security feature.
Apple’s Response
To address CVE-2025-31200, Apple improved bounds checking in the Core Audio framework. For CVE-2025-31201, it removed the vulnerable section of code completely. These changes aim to stop further exploitation and strengthen the system’s defenses.
Notably, Apple and Google’s Threat Analysis Group (TAG) worked together to report CVE-2025-31200. Apple confirmed that these flaws were used in “extremely sophisticated” attacks, targeting specific iOS users.
Ongoing Pattern of Zero-Day Exploit
So far in 2025, Apple security updates have fixed five zero-day flaws. These include:
- CVE-2025-24085 (CVSS 7.8): A Core Media bug that allowed installed apps to gain extra privileges.
- CVE-2025-24200 (CVSS 4.6): An issue in the Accessibility component. It enabled attackers to disable USB Restricted Mode on locked devices.
- CVE-2025-24201 (CVSS 7.1): An out-of-bounds write vulnerability in WebKit. It could let attackers escape the Web Content sandbox using harmful web content.
Devices and Platforms Affected
With the latest Apple security updates, users can now install the following updates:
iOS 18.4.1 / iPadOS 18.4.1: Available for iPhone XS and later, along with various iPad models including iPad Pro, iPad Air (3rd gen+), and iPad mini (5th gen+).
macOS Sequoia 15.4.1: For devices running macOS Sequoia.
tvOS 18.4.1: Available for Apple TV HD and all Apple TV 4K models.
visionOS 2.4.1: For Apple Vision Pro.
What Users Should Do
Due to confirmed active exploitation, Apple urges all users to update their devices immediately. Installing the latest software will help prevent potential threats and ensure better protection moving forward.
Check out other interesting news:
