CyberSecurity news


@www.bleepingcomputer.com //
Apple has released emergency security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two zero-day vulnerabilities that have been actively exploited in "extremely sophisticated attacks." The vulnerabilities, CVE-2025-31200 and CVE-2025-31201, affect the CoreAudio and RPAC components respectively, posing significant risks to users. Apple is urging users to immediately update their devices to the latest versions to safeguard against these threats.

These vulnerabilities were actively exploited in the wild, prompting Apple to release iOS 18.4.1 and iPadOS 18.4.1. CVE-2025-31200, a memory corruption vulnerability in the CoreAudio framework, could allow code execution when processing a maliciously crafted media file. Apple addressed this with improved bounds checking. The second flaw, CVE-2025-31201, is a vulnerability in the RPAC component that could allow an attacker to bypass Pointer Authentication, and Apple resolved this by removing the vulnerable code.

The updates are available for a wide range of devices, including iPhone XS and later, iPad Pro 13-inch, iPad Pro 13.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later, as well as Macs running macOS Sequoia, Apple TV HD and Apple TV 4K (all models), and Apple Vision Pro. Apple credited both itself and Google Threat Analysis Group (TAG) for reporting CVE-2025-31200. This highlights the importance of prompt updates to mitigate potential risks.


References:
  • gbhackers.com: Apple has urgently rolled out iOS 18.4.1 and iPadOS 18.4.1 to patch two zero-day vulnerabilities that were actively exploited in “extremely sophisticated” attacks aimed at specific iOS users.
  • securityaffairs.com: Apple released emergency updates to fix iOS, iPadOS & macOS vulnerabilities actively exploited in sophisticated attacks.
  • The Hacker News: Apple has released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild.
  • www.csoonline.com: Apple is urging immediate patching of two zero-day vulnerabilities in its CoreAudio and RPAC components, citing their use in what the iPhone maker describes as “extremely sophisticated attacks.”
  • Malwarebytes: Apple patches security vulnerabilities in iOS and iPadOS. Update now!
  • Rescana: Analysis of Apple Core Media and CoreAudio Zero-Day Vulnerabilities Impacting iOS and macOS Systems
  • Security | TechRepublic: Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks