Updates have been issued by Apple to address a pair of zero-day vulnerabilities affecting iOS, macOS, iPadOS, tvOS, and visionOS, which was leveraged in a highly advanced and targeted iPhone attack, according to BleepingComputer.
First of the patched zero-days is the CoreAudio issue, tracked as CVE-2025-31200, which could be leveraged to facilitate remote code execution via audio stream processing in a malicious media file, while the other is an RPAC flaw, tracked as CVE-2025-31201, which could be exploited to evade the Pointer Authentication security feature and achieve read or write access, said Apple. Additional details regarding the exploits were not provided but Apple urged immediate implementation of iOS 18.4.1, macOS Sequoia 15.4.1, iPadOS 18.4.1, tvOS 18.4.1, and visionOS 2.4.1 to mitigate risks. Almost half a dozen zero-days have already been addressed by Apple so far this year, with the company remediating the CVE-2025-24085, CVE-2025-24200, and CVE-2025-24201 bugs between January and March.
First of the patched zero-days is the CoreAudio issue, tracked as CVE-2025-31200, which could be leveraged to facilitate remote code execution via audio stream processing in a malicious media file, while the other is an RPAC flaw, tracked as CVE-2025-31201, which could be exploited to evade the Pointer Authentication security feature and achieve read or write access, said Apple. Additional details regarding the exploits were not provided but Apple urged immediate implementation of iOS 18.4.1, macOS Sequoia 15.4.1, iPadOS 18.4.1, tvOS 18.4.1, and visionOS 2.4.1 to mitigate risks. Almost half a dozen zero-days have already been addressed by Apple so far this year, with the company remediating the CVE-2025-24085, CVE-2025-24200, and CVE-2025-24201 bugs between January and March.
