Apple released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two actively exploited vulnerabilities. The first flaw, CVE-2025-31200, is a memory corruption issue in the Core Audio framework that could allow code execution via maliciously crafted audio files. The second, CVE-2025-31201, is a vulnerability in the RPAC component that could allow an attacker with read and write capability to bypass Pointer Authentication. Apple addressed these vulnerabilities by improving bounds checking and removing the vulnerable section of code.
Both vulnerabilities were exploited in targeted attacks against specific individuals on iOS, according to Apple. The issues were discovered with the help of the Google Threat Analysis Group (TAG), which reported CVE-2025-31200. Apple has now patched a total of five zero-day vulnerabilities since the start of the year. Other previously addressed vulnerabilities included bugs in Core Media, Accessibility, and WebKit components, all of which had been actively exploited.
The security updates are available for a range of devices and operating systems. These include iOS 18.4.1 and iPadOS 18.4.1 for iPhone XS and later and various iPad models, and macOS Sequoia 15.4.1 for compatible Macs. Additionally, tvOS 18.4.1 and visionOS 2.4.1 updates have been released for Apple TV HD, Apple TV 4K, and Apple Vision Pro devices. Apple urges users to apply the updates promptly to mitigate risks from these vulnerabilities.
Given the active exploitation of these flaws, users are strongly advised to update their devices to the latest versions. With multiple vulnerabilities being exploited, staying up to date is critical for maintaining device security and protecting against targeted attacks.