Apple Zero-Days Under Attack

Things to be aware of if you have an Apple device.

Shane Brown

4/19/2025 · 2 min read

Apple Zero-Days Under Attack: What You Need to Know

Apple has urgently patched two zero-day vulnerabilities that were actively exploited in highly sophisticated attacks targeting specific iPhone users. Here's what you need to know about these critical security issues and how to protect your devices.

The Vulnerabilities Explained

Apple addressed two critical flaws across its platforms (iOS, iPadOS, macOS, tvOS, and visionOS):

  • CVE-2025-31200 (CoreAudio):
    This memory corruption vulnerability in the CoreAudio framework could allow attackers to execute malicious code by tricking a device into processing a specially crafted media file.

  • CVE-2025-31201 (RPAC):
    This vulnerability in the RPAC component could allow attackers to bypass Pointer Authentication, a key security feature that helps prevent exploitation of memory bugs.

Discovery and Exploitation

These vulnerabilities were discovered through collaboration between Apple's security team and Google's Threat Analysis Group (TAG), which specializes in tracking government-backed cyberattacks. According to Apple, these flaws were used in "extremely sophisticated attacks against specific targeted individuals on iOS" - language that typically suggests advanced persistent threats possibly linked to state-sponsored actors.

Apple has confirmed these were not widespread attacks but rather targeted operations against specific individuals.

Affected Devices

The vulnerabilities affect a wide range of Apple devices:

  • iPhone XS and later

  • iPad Pro (various models), iPad Air 3rd generation and later, iPad 7th generation and later, iPad mini 5th generation and later

  • Macs running macOS Sequoia

  • Apple TV HD and 4K models

  • Apple Vision Pro

Apple's Response

Apple released emergency security updates on April 16, 2025, for all affected platforms. The company strongly recommends that all users install these updates immediately to prevent exploitation.

How to Update:

  • iPhone/iPad: Settings → General → Software Update

  • Mac: System Settings → General → Software Update

Enabling automatic updates is recommended to ensure timely protection.
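
If you look after more than a handful of devices, the following added example (not code from Apple or from the sources cited here) flags inventory rows still below the fixed releases named in the Apple Insider headline under Sources: iOS 18.4.1 and macOS Sequoia 15.4.1. The CSV columns and device names are constructed, and because this page gives no fixed versions for the other platforms, those rows are marked for a manual check instead of guessed.

```python
import csv
import io

# Fixed releases as named in this article's source list; other platforms'
# fixed versions are not stated on the page, so they are not guessed here.
FIXED = {"ios": (18, 4, 1), "macos": (15, 4, 1)}

# Constructed sample inventory (hypothetical MDM export, not real devices).
SAMPLE_CSV = """device,platform,os_version
exec-iphone,iOS,18.4
field-iphone,iOS,18.4.1
lab-iphone,iOS,18.10
design-mac,macOS,15.3.2
build-mac,macOS,15.4.1
legacy-mac,macOS,14.7.5
lobby-tv,tvOS,18.4
kiosk-phone,iOS,unknown
"""


def parse_version(text):
    """Turn '18.4' into (18, 4, 0) so 18.10 sorts above 18.4.1; None if malformed."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def status(platform, os_version):
    """Return 'update', 'ok', or 'check-advisory' for one inventory row."""
    key = platform.strip().lower()
    fixed = FIXED.get(key)
    version = parse_version(os_version)
    if fixed is None or version is None:
        return "check-advisory"  # platform or version this script cannot judge
    if key == "macos" and version[0] < fixed[0]:
        return "check-advisory"  # the article lists only macOS Sequoia (15.x)
    return "ok" if version >= fixed else "update"


def audit(csv_text):
    """Map each device name to its status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["device"]: status(r["platform"], r["os_version"]) for r in rows}


if __name__ == "__main__":
    for device, result in audit(SAMPLE_CSV).items():
        print(f"{device:14} {result}")
```

Versions are compared as integer tuples, not strings, so a later release such as 18.10 is not mistaken for one older than 18.4.1.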

Why This Matters

Zero-day vulnerabilities are particularly dangerous because they are exploited before a patch is available. This incident marks the fifth zero-day vulnerability Apple has patched since the beginning of 2025, highlighting the increasing frequency and sophistication of attacks against the Apple ecosystem.

Key Takeaways

  • Update all your Apple devices immediately to install the emergency patches

  • The attacks were highly sophisticated, likely involving advanced threat actors

  • While the attacks were targeted, all users should update to prevent wider exploitation

  • Stay vigilant and keep your devices updated to minimize risk

"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS."
— Apple Security Bulletin

Sources

  1. The Hacker News: "Apple Patches Two Actively Exploited Zero-Day Vulnerabilities"

  2. Apple Insider: "Apple releases security updates for iOS 18.4.1, macOS Sequoia 15.4.1"

  3. Apple Support: Security Update Documentation

  4. Bleeping Computer: "Apple fixes two zero-days exploited in targeted iPhone attacks"

  5. Security Week: "Apple Pushes iOS, macOS Patches to Quash Two Zero-Days"

  6. TechCrunch: "Apple says zero-day bugs exploited against specific targeted individuals using iOS"

  7. Tom's Guide: "Apple releases emergency security update after 'extremely sophisticated' attack"

  8. GB Hackers: "2 Apple Zero-Day Vulnerabilities"

  9. Help Net Security: "Apple plugs zero-days holes used in targeted iPhone attacks"

  10. Cyber Press: "CISA Apple 0-Day Flaws"