
Apple has released emergency security updates for its devices to patch two critical zero-day vulnerabilities that were actively exploited in an “exceptionally sophisticated attack” targeting a limited number of iPhone users. The vulnerabilities affect CoreAudio (CVE-2025-31200) and RPAC (CVE-2025-31201), and span all major Apple operating systems: iOS, macOS, tvOS, iPadOS, and visionOS.
According to Apple, the flaw in CoreAudio enables an attacker to execute code remotely on a device simply by having it process a specially crafted audio file. This vulnerability was discovered jointly by Apple’s own experts and the Google Threat Analysis Group. The second flaw, found in the RPAC component, allows an attacker to bypass Pointer Authentication (PAC), a key memory protection mechanism in iOS. This vulnerability was identified solely by Apple.
Details about how these vulnerabilities were leveraged in real-world attacks remain undisclosed; Apple states only that they were part of highly targeted attacks employing “exceptionally sophisticated techniques.” Neither Apple nor Google has provided further comment at this time.
The vulnerabilities have been addressed in iOS 18.4.1, iPadOS 18.4.1, tvOS 18.4.1, macOS Sequoia 15.4.1, and visionOS 2.4.1. The range of affected devices is extensive, including all iPhone models from the XS onward, various iPad versions—Pro, Air, and mini—as well as all Apple TV models and the Vision Pro headset.
Apple strongly urges all users to install the updates without delay.