Apple Issues Emergency Fixes for Actively Exploited iOS, iPadOS, and macOS Flaws
Apple has rolled out urgent security updates to patch two critical vulnerabilities—CVE-2025-31200 and CVE-2025-31201—affecting iOS, iPadOS, and macOS devices. The company confirmed these flaws were exploited in a limited number of highly sophisticated attacks aimed at specific iOS users.
Vulnerability Details:
CVE-2025-31200 (CoreAudio):
This memory corruption issue could allow code execution when processing malicious audio files. Apple credited Google’s Threat Analysis Group (TAG) for identifying the flaw, which has reportedly been exploited in targeted attacks. The issue was resolved through improved bounds checking.
CVE-2025-31201 (RPAC):
This bug allowed attackers with read/write access to bypass Pointer Authentication, a crucial security feature in iOS. Apple confirmed it has been abused in advanced, targeted operations and resolved the issue by removing the vulnerable code.
Affected Devices:
The patches apply to a wide range of devices, including:
- iPhone XS and later
- iPad Pro (11-inch 1st gen and later, 13-inch, and 12.9-inch 3rd gen and later)
- iPad Air (3rd gen and later)
- iPad (7th gen and later)
- iPad mini (5th gen and later)
While Apple has not disclosed the full technical details or the identity of the threat actors, the nature of the attacks points to nation-state groups or commercial surveillance vendors.
Users are strongly advised to update their devices immediately to mitigate the risk of exploitation.