Article Details

Apple fixes two zero-days exploited in targeted iPhone attacks. Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an "extremely sophisticated attack" against specific targets' iPhones. The two vulnerabilities are in CoreAudio (CVE-2025-31200) and RPAC (CVE-2025-31201), with both bugs impacting iOS, macOS, tvOS, iPadOS, and visionOS. "Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS," reads an Apple security bulletin released today. The CVE-2025-31200 flaw in CoreAudio was discovered by Apple and the Google Threat Analysis team. It can be exploited by processing an audio stream in a maliciously crafted media file to execute remote code on the device. The company also fixed CVE-2025-31201, which Apple discovered. It is a bug in RPAC that allows attackers with read or write access to bypass Pointer Authentication (PAC), an iOS security feature that helps protect against memory vulnerabilities. Apple has not shared further details on how the flaws were exploited in attacks. BleepingComputer contacted Apple and Google with questions about flaws but has not received a response. Both vulnerabilities were fixed in iOS 18.4.1, iPadOS 18.4.1, tvOS 18.4.1, macOS Sequoia 15.4.1, and visionOS 2.4.1. The list of devices impacted by these zero-days is extensive, impacting older and newer models: Even though these zero-day flaws were exploited in highly targeted attacks, users are still strongly advised to install them as soon as possible. With these vulnerabilities, Apple has fixed five zero-days since the start of the year, the first in January (CVE-2025-24085),  the second in February (CVE-2025-24200), and the third in March (CVE-2025-24201).