Pierluigi Paganini April 17, 2025

Apple released emergency updates to fix iOS, iPadOS & macOS vulnerabilities actively exploited in sophisticated attacks.

Apple released out‑of‑band security updates to address two vulnerabilities, tracked as CVE-2025-31200 and CVE-2025-31201, impacting iOS, iPadOS & macOS. The company confirmed that the flaws have been exploited in a small number of “extremely sophisticated” attacks against iOS targets.

Below are the descriptions of the two vulnerabilities:

• CoreAudio (CVE-2025-31200) – The vulnerability is a memory corruption issue that was addressed with improved bounds checking. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. The company acknowledged Google’s TAG (Threat Analysis Group) for reporting this flaw.
• RPAC (CVE-2025-31201) – An attacker with read/write access could bypass Pointer Authentication on iOS. Apple confirmed it may have been exploited in highly targeted, sophisticated attacks. Apple addressed the flaw by removing the vulnerable code.

Security patches are available for the following devices: iPhone XS and later, iPad Pro 13-inch, iPad Pro 13.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.

As usual, Apple has not shared technical details about the attacks. However, the limited, targeted nature of these attacks against iOS users suggests that commercial surveillance vendors or a nation-state actor likely exploited the flaws.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, iOS users)