Apple released security updates on Wednesday for two zero-day vulnerabilities. The tech giant's updates patched the security flaws in iOS 18.4.1, tvOS 18.4.1, iPadOS 18.4.1, visionOS 2.4.1 and macOS Sequoia 15.4.1.
According to Apple's security bulletin, the vulnerabilities may have been used in an "extremely sophisticated attack against specific targeted individuals". The company has not provided details about organisations or individuals who may have carried out the attack.
Apple Security Patches
A flaw was found by Google Threat Analysis Group and Apple in CoreAudio CVE-2025-31200. The American tech giant also found an issue in RPAC CVE-2025-31201.
The CoreAudio CVE-2025-31200 security flaw can result in remote code execution by processing an audio stream in a "maliciously crafted media file".
The company addressed a memory corruption issue via improved bounds checking. The RPAC vulnerability could be used by an attacker to bypass Pointer Authentication, which helps protect Apple devices against memory vulnerabilities. The attacker needed to have arbitrary read and write capabilities to exploit the flaws. The vulnerable section of code was removed by Apple.
Which Apple Devices Potentially Affected?
The CVE-2025-31200 and RPAC security flaws affected a range of Apple devices, such as the iPad Pro 13-inch, iPad Pro 11-inch 1st generation and later, iPad Pro 13.9-inch 3rd generation and later, as well as iPad Pro 13.9-inch 3rd generation and later. The iPhone XS, iPad mini 5th generation and iPad 7th generation, plus subsequent variants of the devices, were also potentially impacted.
Apart from that, all Apple devices with macOS Sequoia, Apple Vision Pro and all models of the Apple TV 4K and Apple TV HD were impacted.
Users need to update their devices to the latest software version as soon as possible to ensure their devices are secure. They can use the automatic updates function on their devices to check if the latest software version has been installed.
Alternatively, they can go to Settings > General > Software Update to check for any new updates manually.
Apple does not confirm or discuss security issues until a probe is carried out and releases or patches are available to protect devices. According to Bleeping Computer, this is the fifth time in the year so far that Apple has fixed zero-day flaws. The company had repaired the CVE-2025-24085 security issue in January, followed by the CVE-2025-24200 flaw in February, and the CVE-2025-24201 vulnerability in March.
Essential Business Intelligence, Continuous LIVE TV, Sharp Market Insights, Practical Personal Finance Advice and Latest Stories — On NDTV Profit.
