Apple Releases Security Update to Fix Two Critical Zero-Day Vulnerabilities

Fast summary

• Apple released new software updates across devices, including iPhones (iOS 18.4.1), iPads (iPadOS 18.4.1), Macs (macOS Sequoia 15.4.1), Apple TVs (tvOS 18.4.1), and vision Pros (visionOS 2.4.1).
• Two critical security vulnerabilities were patched:

– CVE-2025-31200: A flaw in CoreAudio allowing malicious media files to execute code on devices during audio processing.
– CVE-2025-31201: A flaw in RPAC that allows attackers to bypass Pointer Authentication Codes designed to prevent memory corruption exploitation.

• Both vulnerabilities were actively exploited in elegant attacks targeting specific individuals, according to Apple’s statement, similar language used for past exploits like with iOS 18.3.2 patches.
• The iPhone update also fixed a rare bug preventing CarPlay wireless connections in certain vehicles.
• Apple’s approach integrates security patches into broader software updates rather than releasing them separately unless it’s critically urgent like Rapid Security Responses.

medium=RSS”>Read More