Apple just rolled out iOS 18.4.1, and this isn’t your usual bug fix update. This mid-cycle release tackles two critical zero-day vulnerabilities that Apple says were used in “extremely sophisticated” attacks against specific, high-profile iOS users. The update also spans iPadOS, macOS Sequoia, visionOS, and tvOS, reinforcing just how widespread the threat might be.
The first vulnerability, tracked as CVE-2025-31200, affects Apple’s Core Audio framework. Discovered by Apple in collaboration with Google’s Threat Analysis Group, the flaw allowed attackers to execute arbitrary code simply by tricking a device into processing a maliciously crafted media file. That’s a big deal, especially since Core Audio is baked into every Apple device.
The second, CVE-2025-31201, was found internally by Apple. It targets a lower-level security safeguard known as Return Pointer Authentication Code (RPAC). This system is designed to block attackers from injecting malicious code into a device’s memory. The exploit reportedly allowed attackers with read/write access to sidestep these protections entirely.
Apple hasn’t confirmed who’s behind the attacks or how many users were hit, but Google’s involvement hints at possible state-backed operations. This wouldn’t be the first time, Apple has long been in the crosshairs of sophisticated spyware operations targeting activists, journalists, and dissidents.
This update also quietly fixes a rare wireless CarPlay issue affecting certain vehicles, which some users had flagged as more than just an inconvenience. If you’re on an iPhone XS or newer, or using recent models of iPads, Macs, or Apple TV, you’ll want to update now.
Apple has now patched five zero-days in 2025 alone. The message is clear: even the most locked-down ecosystems aren’t immune to evolving threats, and updates like these aren’t optional.
For more daily updates, please visit our News Section.
Stay ahead in tech! Join our Telegram community and sign up for our daily newsletter of top stories!
The post Apple fixes two zero-day vulnerabilities targeting iPhones in new emergency update appeared first on Gizmochina.