Apple has released an urgent update, iOS 18.4.1, and iPadOS 18.4.1, to address two zero-day vulnerabilities that had been exploited in targeted attacks against specific iOS users. The vulnerabilities, found in the CoreAudio and RPAC components, posed significant risks by allowing unauthorized code execution and bypassing critical security protections.
The first vulnerability, known as CVE-2025-31200, affected CoreAudio, a crucial system component for handling audio streams on iOS and iPadOS devices. Apple revealed that a specially crafted media file could exploit a memory corruption flaw in CoreAudio, potentially enabling attackers to execute malicious code. Apple and Google’s Threat Analysis Group confirmed that this vulnerability had been actively used in targeted attacks, indicating a high level of sophistication on the part of the attackers.
The second issue, CVE-2025-31201, was found in RPAC, a security feature designed to prevent return-oriented programming attacks. This vulnerability could be exploited by an attacker with read and write access to disable Pointer Authentication, undermining a key defense mechanism. The same targeted campaign that exploited the CoreAudio vulnerability also leveraged this flaw, prompting Apple to remove the problematic code to fix the issue.
The affected devices include a range of models such as iPad mini (5th generation and later), iPhone XS and later, various models of iPad Pro and iPad Air, and iPad (7th generation and later). Apple addressed the CoreAudio vulnerability by implementing enhanced bounds checking and fixed the RPAC issue by removing the affected code.
While Apple has not disclosed specific details about the targets or perpetrators of these attacks, experts believe that the precision and complexity of the exploits indicate the involvement of advanced threat actors, potentially state-sponsored groups. Zero-day vulnerabilities, which exploit unknown security flaws, are typically used in high-stakes scenarios such as espionage or targeting prominent individuals. Cybersecurity professionals emphasize the importance of prompt updates to protect devices against such targeted threats.
Apple followed its security protocol by withholding details of the vulnerabilities until fixes were ready, prioritizing user safety. The company’s security release notes from April 16, 2025, outline the vulnerabilities and affected devices, with additional information available on the Apple Product Security page. Users can update to iOS 18.4.1 or iPadOS 18.4.1 by accessing Settings > General > Software Update on their devices. Apple strongly advises all eligible users to install the update immediately to safeguard against potential exploitation.
In conclusion, the recent zero-day vulnerabilities exploited in “extremely sophisticated” attacks highlight the ongoing threat landscape faced by iOS users. By promptly releasing updates to address these vulnerabilities, Apple aims to protect its users from potential security risks. Stay informed about the latest cybersecurity news by following us on Google News, LinkedIn, and X for instant updates.