NEWS Apple Patches Two 0-Day Exploits Used in iPhone Attacks

Doni

Doni

Moderator
Staff member
Moderator
BFD Member
ULTIMATE
Local
Active Member
Joined
Jan 17, 2025
Messages
257
Reaction score
414
Deposit
1,000$
Telegram
Telegram

The company rolls out emergency updates for all platforms, including iOS, macOS, and visionOS.


1744938655624.png
Apple has released out-of-band security updates to address two zero-day vulnerabilities exploited in a "highly sophisticated attack" targeting a limited number of iPhone users. The flaws—CVE-2025-31200 (CoreAudio) and CVE-2025-31201 (RPAC)—affect all major Apple operating systems: iOS, macOS, tvOS, iPadOS, and visionOS.

According to Apple, the CoreAudio bug allows an attacker to execute remote code execution (RCE) by tricking a device into processing a maliciously crafted audio file. The vulnerability was discovered by Apple’s security team in collaboration with Google’s Threat Analysis Group (TAG).

The second flaw, in the RPAC (Return-oriented Programming with PAC bypass) component, circumvents Pointer Authentication (PAC)—a critical memory protection feature in iOS. This exploit was identified solely by Apple’s internal researchers.

Neither Apple nor Google has disclosed specific attack details, describing the incidents as "extremely targeted" and using "exceptionally advanced techniques."

Affected Devices & Updates

The fixes are included in:

  • iOS 18.4.1
  • iPadOS 18.4.1
  • tvOS 18.4.1
  • macOS Sequoia 15.4.1
  • visionOS 2.4.1
Impacted devices include:

  • All iPhone models since XS
  • iPad Pro, iPad Air, iPad mini
  • Apple TV
  • Vision Pro headset
Though the attacks were limited, Apple strongly urges all users to install the updates immediately. These mark the fourth and fifth zero-days patched by Apple this year, following fixes in January, February, and March.
 
You must log in or register to reply here.
Register
Top