Date: 2025-04-17
Vulnerability Management, Patch/Configuration Management

Actively exploited Apple zero-days patched


Apple has issued updates to address a pair of zero-day vulnerabilities affecting iOS, macOS, iPadOS, tvOS, and visionOS, which were leveraged in a highly advanced and targeted iPhone attack, according to BleepingComputer.

The first of the patched zero-days is a CoreAudio issue, tracked as CVE-2025-31200, which could be leveraged to facilitate remote code execution via audio stream processing in a malicious media file. The other is an RPAC flaw, tracked as CVE-2025-31201, which could be exploited to evade the Pointer Authentication security feature and achieve read or write access, said Apple. Additional details regarding the exploits were not provided, but Apple urged immediate implementation of iOS 18.4.1, macOS Sequoia 15.4.1, iPadOS 18.4.1, tvOS 18.4.1, and visionOS 2.4.1 to mitigate risks. Almost half a dozen zero-days have already been addressed by Apple so far this year, with the company remediating the CVE-2025-24085, CVE-2025-24200, and CVE-2025-24201 bugs between January and March.

Related

Phishing campaigns abuse Windows NTLM hash leak bug

BleepingComputer reports that government organizations and private firms have been subjected to attacks exploiting the recently patched Windows NTLM hash leak vulnerability, tracked as CVE-2025-24054, as part of separate phishing campaigns between Mar. 20 and Mar. 25, with one of the identified IP addresses associated with Russian state-backed threat operation APT28, also known as Fancy Bear.
