Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)
Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been exploited “in an extremely sophisticated attack against specific targeted individuals on iOS.”
CVE-2025-31200 and CVE-2025-31201
CVE-2025-31200 affects CoreAudio, an API Apple devices use for processing audio. The memory corruption vulnerability can be triggered with a maliciously crafted media file: processing the audio stream in that file allows attackers to execute malicious code.
CVE-2025-31201 is an issue in RPAC (Return Pointer Authentication Code), a security feature that aims to thwart return-oriented programming attacks and similar code reuse exploits.
The vulnerability allows an attacker with arbitrary read and write capability to bypass Pointer Authentication. Apple fixed the security hole by removing the vulnerable code.
Update ASAP
CVE-2025-31200 was discovered by Apple and the Google Threat Analysis Group (TAG), which uncovers and investigates state-sponsored attacks and other advanced persistent threats. CVE-2025-31201 was flagged by Apple.
As is typical for Apple, the company did not share details about the attacks in which these vulnerabilities were exploited; we have to be satisfied with its categorization of the attacks as “extremely sophisticated”.
(Apple used the same wording earlier this year, when providing a fix for CVE-2025-24200, a vulnerability that allowed attackers with physical access to targeted locked devices to disable USB Restricted Mode.)
These latest attacks were aimed at specific individuals, which means that Apple users who are not journalists, activists/dissidents, politicians/diplomats, researchers and executives in sensitive fields, or other users with access to valuable data or communications are unlikely to be in grave danger.
Nevertheless, all users should install the provided security updates as soon as possible.
High-risk users should consider enabling Lockdown Mode on their iOS and macOS devices and consult with digital security experts (e.g., Access Now’s Digital Security Helpline) on how to improve their digital security practices.