Apple has rolled out critical security updates across its ecosystem, including iOS, iPadOS, macOS Sequoia, tvOS, and visionOS, to address two newly discovered zero-day vulnerabilities that are currently being exploited in real-world attacks.
Two Actively Exploited Zero-Day Flaws Patched
The recent update fixes two specific vulnerabilities, both of which pose serious threats to device security and user data:
- CVE-2025-31200 (CVSS Score: 7.5) – A memory corruption issue within the Core Audio framework. If exploited via a maliciously crafted media file, this flaw could enable attackers to execute arbitrary code during audio stream processing.
- CVE-2025-31201 (CVSS Score: 6.8) – A security hole in the RPAC component. It can allow attackers with arbitrary read/write access to bypass Apple’s Pointer Authentication protections.
Apple has been quick to react to resolve these issues. The first flaw was mitigated through enhanced bounds checking, while the second vulnerability was addressed by removing the problematic section of code entirely.
Apple and Google Join Forces on Discovery
Interestingly, Apple wasn’t alone in uncovering these threats. The CVE-2025-31200 vulnerability was jointly reported by Apple’s internal security team and Google’s Threat Analysis Group (TAG), showcasing a collaborative industry effort to curb sophisticated cyber attacks.
In its official advisory, Apple confirmed that these exploits were used in “extremely sophisticated” attacks targeting specific individuals, underscoring the importance of staying current with security updates.
Five Zero-Days Exploited in 2025 So Far
With the inclusion of these latest vulnerabilities, Apple has now patched a total of five zero-day exploits in 2025. Below is a recap of previously addressed vulnerabilities:
- CVE-2025-24085 (CVSS Score: 7.8) – A use-after-free vulnerability in Core Media, enabling malicious applications to escalate privileges on affected devices.
- CVE-2025-24200 (CVSS Score: 4.6) – An authorization flaw in the Accessibility component that could disable USB Restricted Mode through a physical attack.
- CVE-2025-24201 (CVSS Score: 7.1) – An out-of-bounds write bug in WebKit, allowing attackers to escape the web content sandbox using malicious web content.
These zero-day flaws exemplify how cyber attackers are increasingly targeting high-value vulnerabilities to compromise Apple’s secure platforms.
Who Should Update?
Apple’s latest security updates are available for a wide range of devices. Users are strongly encouraged to update immediately to protect themselves from potential exploitation. Here’s a breakdown of supported platforms and devices:
iOS and iPadOS 18.4.1
– iPhone XS and later
– iPad Pro 13-inch
– iPad Pro 13.9-inch (3rd generation and later)
– iPad Pro 11-inch (1st generation and later)
– iPad Air (3rd generation and later)
– iPad (7th generation and later)
– iPad mini (5th generation and later)
macOS Sequoia 15.4.1
– All Macs compatible with macOS Sequoia
tvOS 18.4.1
– Apple TV HD
– All models of Apple TV 4K
visionOS 2.4.1
– Apple Vision Pro
Why You Should Update Now
Given that the vulnerabilities are actively being exploited, this update is not just routine, it is critical. Users who fail to update their systems may remain vulnerable to remote code execution, privilege escalation, and bypassed security mechanisms.
Keeping your devices updated is one of the simplest yet most powerful ways to defend against such attacks.
How to Update
To ensure your device is protected:
- Go to Settings
- Tap General
- Select Software Update
- Download and install the latest available version
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: