Apple has released urgent security updates to fix two newly discovered zero-day vulnerabilities that were exploited in highly targeted iPhone attacks.
The flaws, tracked as CVE-2025-31200 in CoreAudio and CVE-2025-31201 in RPAC, affect a wide range of Apple devices including iPhones, iPads, Macs, Apple TVs, and Vision Pro.
CVE-2025-31200 can be triggered through a malicious media file to execute remote code, while CVE-2025-31201 allows attackers with access to bypass iOS’s Pointer Authentication protection.
These vulnerabilities were found by Apple, with support from Google's Threat Analysis Group, and were addressed in the latest software versions including iOS 18.4.1 and macOS Sequoia 15.4.1. Although the attacks were reportedly very targeted, Apple advises all users to update promptly.
These fixes bring the total to five zero-days patched by Apple in 2025 alone.
Read more...