Apple has implemented an emergency intervention to resolve two significant zero-day vulnerabilities in its systems. According to communications from the Cupertino-based company, these critical issues have been exploited in highly sophisticated targeted attacks against iPhone users.
The company has released an official statement in its security bulletin, affirming that “Apple is aware that these issues may be exploited for highly sophisticated attacks against individual iOS users.” However, considerable opacity persists regarding the specific attack vectors utilized and the identity of the targeted subjects. This situation is situated within a broader context of increasing complexity in the cybersecurity landscape, where threats assume increasingly targeted and sophisticated characteristics, often with potential geopolitical implications.
The company’s timely intervention highlights the criticality of these vulnerabilities and the need to immediately implement security updates to mitigate potential risks.
Vulnerabilities CVE-2025-31200 and CVE-2025-31201 affect iOS, iPadOS, macOS Sequoia, tvOS, and visionOS products.
These vulnerabilities are classified as “Memory Corruption” and “Improper Authentication,” with CVSS v3.x scores of 7.5 and 6.8 respectively.
The first vulnerability, related to the CoreAudio component, could allow arbitrary code execution when processing an audio stream contained in a specially crafted media file.
The second vulnerability is related to the RPAC component (Root PAC, where PAC stands for Pointer Authentication Code), which is part of Apple’s security measures designed to protect the integrity of memory pointers. This vulnerability could allow an attacker with read and write privileges to bypass Pointer Authentication, avoiding the verification of pointer signatures. This operation could allow altering a program’s execution, running arbitrary code, or taking control of its execution flow.
Affected Apple Products and/or Versions
- macOS Sequoia, versions prior to 15.4.1
- iOS, versions prior to 18.4.1
- iPadOS, versions prior to 18.4.1
- tvOS, versions prior to 18.4.1
- visionOS, versions prior to 2.4.1
Mitigation Actions
Corrective Interventions
The pervasiveness of these vulnerabilities is particularly significant, as they involve a broad spectrum of Apple devices, from the most recent models to those released several years ago, creating a potentially extensive attack surface. The company’s timely intervention highlights the criticality of these vulnerabilities and the necessity to immediately implement security updates to mitigate potential risks.
