Apple has released an emergency security update to patch two zero-day vulnerabilities used in “very sophisticated attacks” against a specific target's iPhone.
The two vulnerabilities are in CoreAudio (CVE-2025-31200) and RPAC (CVE-2025-31201), with both bugs affecting iOS, macOS, tvOS, iPadOS, and visionOS.
“Apple is aware of reports that this issue may have been exploited in a highly sophisticated attack on a specific targeted individual on iOS,” reads an Apple security bulletin released today.
The CoreAudio flaw, CVE-2025-31200, was discovered by Apple and the Google Threat Analysis team. It can be exploited by having the device process an audio stream in a malicious media file, resulting in remote code execution on the device.
The company also fixed CVE-2025-31201, which was discovered by Apple. This is a bug in RPAC that allows an attacker with read or write access to bypass Pointer Authentication (PAC), an iOS security feature that helps protect against memory vulnerabilities.
Apple has not shared details about how the flaws were exploited in the attack. BleepingComputer contacted Apple and Google with questions about the defect, but has not received a response.
Both vulnerabilities were fixed in iOS 18.4.1, iPadOS 18.4.1, tvOS 18.4.1, macOS Sequoia 15.4.1, and visionOS 2.4.1.
The list of devices affected by these zero-days is extensive, covering both older and newer models:
iPhone XS and later; iPad Pro 13-inch, iPad Pro 13.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later; macOS; Apple TV HD and Apple TV 4K (all models); Apple Vision Pro.
Although these zero-day flaws were exploited in highly targeted attacks, users are strongly encouraged to install the updates as soon as possible.
With these vulnerabilities, Apple has fixed five zero-days since the beginning of this year, the others being in January (CVE-2025-24085), February (CVE-2025-24200), and March (CVE-2025-24201).