Apple has recently released emergency security updates for iOS, macOS, tvOS, and visionOS to address two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that were exploited in a highly sophisticated attack against specific targeted individuals on iOS devices.
The first vulnerability, CVE-2025-31200, impacts CoreAudio, an API used by Apple devices for audio processing. This vulnerability, leading to memory corruption, can be triggered by a maliciously crafted media file. When the audio stream is processed, it allows attackers to execute malicious code.
The second vulnerability, CVE-2025-31201, involves RPAC (Return Pointer Authentication Code), a security feature designed to prevent return-oriented programming attacks and similar code reuse exploits. This vulnerability enables attackers with arbitrary read and write capabilities to bypass Pointer Authentication. Apple has addressed this issue by eliminating the vulnerable code.
The discovery of CVE-2025-31200 was a collaborative effort between Apple and the Google Threat Analysis Group (TAG), which focuses on uncovering and investigating state-sponsored attacks and other advanced persistent threats. On the other hand, Apple identified CVE-2025-31201.
Apple, known for its discreetness with sharing attack details, has not provided specific information regarding the incidents in which these vulnerabilities were exploited. They have only described the attacks as “extremely sophisticated.”
It is important for Apple users to update their devices promptly to protect against potential exploitation of these vulnerabilities. While the attacks targeted specific individuals such as journalists, activists, politicians, diplomats, researchers, and executives in sensitive fields, all users are urged to install the security updates as a precautionary measure.
Users at high risk are advised to activate Lockdown Mode on their iOS and macOS devices and seek guidance from digital security experts, such as Access Now’s Digital Security Helpline, to enhance their digital security practices.
In conclusion, Apple’s swift response in releasing these security updates underscores the company’s commitment to safeguarding user data and privacy. By taking proactive steps to address vulnerabilities, Apple continues to prioritize the security and protection of its users’ devices and information.
For further updates and alerts on cybersecurity threats, breaches, and vulnerabilities, users can subscribe to breaking news e-mail alerts to stay informed and secure.