Ddos 
Apple has issued urgent security updates across its ecosystem—including iOS, macOS, iPadOS, tvOS, and visionOS—to patch two zero-day vulnerabilities actively exploited in what the company described as an “extremely sophisticated attack” targeting specific iPhone users.
The vulnerabilities, tracked as CVE-2025-31200 and CVE-2025-31201, were discovered by Apple’s internal teams in collaboration with Google’s Threat Analysis Group (TAG). Both flaws have already been leveraged in targeted exploits, although Apple has not disclosed who was behind the attacks or how widespread the impact was.
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS,” the company stated in a security bulletin released on Wednesday.
The first vulnerability resides in CoreAudio, Apple’s low-level audio processing framework. Identified as CVE-2025-31200, the flaw can be triggered by processing a maliciously crafted audio stream, potentially embedded within media files, allowing remote attackers to execute arbitrary code on the target device.
This vulnerability affects multiple Apple platforms and could be exploited silently—making it an ideal attack vector for espionage-focused threat actors.
The second flaw, CVE-2025-31201, was found in RPAC (Remote Procedure Authentication Component) and allows adversaries with read or write privileges to bypass Pointer Authentication Codes (PAC)—a security mechanism in Apple silicon that helps mitigate memory corruption attacks by validating function pointers.
Bypassing PAC could allow attackers to escalate privileges or maintain stealthy persistence on compromised devices—raising serious concerns about long-term surveillance and data exfiltration capabilities.
Apple has remained tight-lipped on the attackers’ identities and methods. The company has not disclosed how the exploits were delivered or whether any users were successfully compromised.
To counter the threat, Apple has rolled out critical software updates:
- iOS 18.4.1 / iPadOS 18.4.1 for iPhones and iPads
- macOS Sequoia 15.4.1
- tvOS 18.4.1
- visionOS 2.4.1 for the Apple Vision Pro
Users are strongly urged to update their devices immediately, especially those who may be at higher risk—journalists, activists, and high-profile individuals.
Related Posts:
- Israel filed a suit against Apple on the iPhone
- The National Police Agency have the ability to crack iPhone
- Apple Addresses Kernel Zero-Day Vulnerability in Older iPhones and iPads
- CISA Sounds the Alarm on Actively Exploited Apple and Oracle Zero-Days
About The Author
