Source: www.techrepublic.com – Author: Aminu Abdullahi
Published
Find out the specifics of these iOS and macOS vulnerabilities, as well as which Apple devices were impacted.
Apple has rolled out emergency updates to patch two serious security flaws that were actively being exploited in highly targeted attacks on iPhones and other Apple devices. The fixes, released on April 16 as part of iOS 18.4.1 and macOS Sequoia 15.4.1, address zero-day vulnerabilities.
Apple said these bugs were used in an “extremely sophisticated attack against specific targeted individuals on iOS.”
Inside the iOS and macOS vulnerabilities
The two bugs, tracked as CVE-2025-31200 and CVE-2025-31201, affect Apple’s software’s CoreAudio and RPAC components.
- CVE-2025-31200 (CoreAudio): This bug allows hackers to take control of a device simply by tricking it into processing a malicious media file. Apple credited the discovery to its internal team and researchers from Google’s Threat Analysis Group — a unit known for tracking advanced cyberattacks, often linked to government actors.
- CVE-2025-31201 (RPAC): This flaw affects a security mechanism called Pointer Authentication, designed to prevent memory attacks. Hackers who have read and write access to a device could bypass this protection and hijack the system. Apple found and fixed this bug internally by removing the vulnerable code.
Which Apple devices were affected?
While Apple didn’t say who was behind the attacks or how many people were affected, the language the company used — “specific targeted individuals” — strongly suggests that these were not random hacks, but deliberate and precise operations. That, combined with Google’s involvement, has raised speculation about possible ties to government-backed surveillance campaigns.
Devices affected include:
- iPhones from iPhone XS and newer.
- iPads from 7th generation and newer.
- Macs running macOS Sequoia.
- All models of Apple TV HD and Apple TV 4K.
- Apple Vision Pro headset.
A growing list of zero-days
These latest fixes bring the number of zero-days patched by Apple this year to five. Earlier vulnerabilities were addressed in January, February, and March. Apple typically keeps details about ongoing exploits under wraps, and this case is no different. The company hasn’t shared exactly how the bugs were used.
Also Read
Aminu Abdullahi
Aminu Abdullahi is an experienced B2B technology and finance writer. He has written for various publications, including TechRepublic, eWEEK, Enterprise Networking Planet, eSecurity Planet, CIO Insight, Enterprise Storage Forum, IT Business Edge, Webopedia, Software Pundit, Geekflare and more.
Original Post URL: https://www.techrepublic.com/article/news-apple-patches-zero-days-ios-macos/
Category & Tags: Apple,Mobility,News,Security,Software,apple iphone,cybersecurity,ios,mobile security,threats and vulnerabilities,zero-day threats – Apple,Mobility,News,Security,Software,apple iphone,cybersecurity,ios,mobile security,threats and vulnerabilities,zero-day threats
Views: 7
