Apple has released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security vulnerabilities that are being exploited in the wild.
The two vulnerabilities are:
- CVE-2025-31200 (CVSS score: 7.5) – A memory corruption issue in the Core Audio framework that could allow code execution when processing an audio stream in a maliciously crafted media file.
- CVE-2025-31201 (CVSS score: 6.8) – A vulnerability in the RPAC component that an attacker with arbitrary read and write capability could use to bypass Pointer Authentication.
Apple has addressed CVE-2025-31200 by implementing improved bounds checking and resolved CVE-2025-31201 by removing the vulnerable section of code.
Both vulnerabilities have been credited to Apple, with the Google Threat Analysis Group (TAG) also receiving credit for reporting CVE-2025-31200.
According to Apple, the company is aware that these issues have been exploited in highly sophisticated attacks targeting specific individuals using iOS devices.
With these latest updates, Apple has addressed a total of five actively exploited zero-day vulnerabilities in its software since the beginning of the year. These include:
- CVE-2025-24085 (CVSS score: 7.8) – A use-after-free bug in the Core Media component that could allow a malicious application to elevate privileges.
- CVE-2025-24200 (CVSS score: 4.6) – An authorization issue in the Accessibility component that could enable an attacker to disable USB Restricted Mode on a locked device as part of a cyber-physical attack.
- CVE-2025-24201 (CVSS score: 7.1) – An out-of-bounds write issue in the WebKit component that could be exploited to break out of the Web Content sandbox using maliciously crafted web content.
Security updates are available for the following devices and operating systems:
- iOS 18.4.1 and iPadOS 18.4.1 – Compatible with iPhone XS and later, iPad Pro 13-inch, iPad Pro 13.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
- macOS Sequoia 15.4.1 – Compatible with Macs running macOS Sequoia.
- tvOS 18.4.1 – Compatible with Apple TV HD and Apple TV 4K (all models).
- visionOS 2.4.1 – Compatible with Apple Vision Pro.
In light of the active exploitation of these vulnerabilities, users are strongly advised to update their devices to the latest version to protect themselves against potential risks.