Cyber Security News

2 Apple Zero-Day Vulnerabilities Actively Exploited in “Extremely” Sophisticated iOS Attacks

Apple has urgently rolled out iOS 18.4.1 and iPadOS 18.4.1 to patch two zero-day vulnerabilities that were actively exploited in “extremely sophisticated” attacks aimed at specific iOS users.

The flaws, found in the CoreAudio and RPAC components, posed serious risks, including unauthorized code execution and the bypassing of critical security protections.

The first vulnerability, CVE-2025-31200, affects CoreAudio, a key system for handling audio streams on iOS and iPadOS devices.

Apple disclosed that processing a maliciously crafted media file could exploit a memory corruption flaw, potentially allowing attackers to run harmful code.

Apple and Google’s Threat Analysis Group confirmed reports of this issue’s use in targeted attacks, indicating a highly advanced operation.

The second issue, CVE-2025-31201, lies in RPAC, a security feature designed to thwart return-oriented programming attacks.

This flaw could enable an attacker with read and write access to disable Pointer Authentication, undermining a core defense mechanism.

The same targeted campaign also exploited this vulnerability, which Apple acknowledged and fixed by removing the problematic code.

Affected Devices

The updates apply to a wide range of devices, including

  • iPad mini (5th generation and later)
  • iPhone XS and later
  • iPad Pro 13-inch, iPad Pro 13.9-inch (3rd generation and later)
  • iPad Pro 11-inch (1st generation and later)
  • iPad Air (3rd generation and later)
  • iPad (7th generation and later)

Apple resolved the CoreAudio flaw through enhanced bounds checking and eliminated the RPAC vulnerability by excising the affected code.

Apple has not revealed specifics about the targets or perpetrators, but the precision and complexity of the attacks suggest involvement of advanced threat actors, possibly state-backed groups.

Zero-day vulnerabilities, which exploit unknown flaws, are typically deployed in high-stakes scenarios like espionage or attacks on prominent individuals. Cybersecurity experts warn that such threats, while rare, underscore the need for vigilance.

“These exploits are a stark reminder of how critical timely updates are,” said a cybersecurity analyst familiar with the issue. “Users must act quickly to secure their devices against these kinds of targeted threats.”

True to its security protocol, Apple withheld details of the vulnerabilities until fixes were ready, prioritizing user safety.

The company’s security release notes, issued on April 16, 2025, outline the vulnerabilities and affected devices. Additional details are available on the Apple Product Security page.

Users can update to iOS 18.4.1 or iPadOS 18.4.1 by navigating to Settings > General > Software Update.

Apple urges all eligible users to install the update immediately to protect against potential exploitation.

Find this News Interesting! Follow us on Google NewsLinkedIn, & X to Get Instant Updates!

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

IT Worker from Computacenter Let Girlfriend Into Deutsche Bank’s Restricted Areas

A former information technology manager has filed a whistleblower lawsuit alleging a major security breach…

43 minutes ago

NSO Group Ordered to Pay $168 Million to WhatsApp in US Spyware Verdict

A federal jury in California has ordered Israeli spyware maker NSO Group to pay approximately…

2 hours ago

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations, particularly…

16 hours ago

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search Service…

16 hours ago

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider, has…

16 hours ago

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800 compromised…

16 hours ago