Two Critical Vulnerabilities Discovered in Apple iPhones
One of the leading companies in the tech world, Apple, has recently announced an urgent security update for iPhone and iPad users. This update is being distributed through iOS 18.4.1 and iPadOS 18.4.1. The reason is serious — two zero-day vulnerabilities (previously unknown flaws) in the iOS system have been actively exploited by cyber attackers.
These vulnerabilities are not ordinary bugs. They were used in highly targeted and sophisticated cyberattacks against specifically selected users. Therefore, the issue is not only technical but also raises serious concerns regarding privacy and security.
🎧 1. CoreAudio Vulnerability – CVE-2025-31200
iPhones and iPads rely heavily on the CoreAudio system for audio processing. The vulnerability was found in this essential component, allowing attackers to trigger memory corruption using a specially crafted malicious audio file, which could then enable arbitrary code execution.
Apple stated the following in its official report:
“Processing a maliciously crafted audio stream may lead to arbitrary code execution. This issue was exploited in very sophisticated attacks targeting specific iOS users.”
This vulnerability was discovered in collaboration with the Google Threat Analysis Group and has already been patched.
🛡 2. RPAC Vulnerability – CVE-2025-31201
The second vulnerability was found in the RPAC (Return-oriented Programming Attack Countermeasure) mechanism. This system includes a critical security feature called Pointer Authentication, which helps protect the iOS system from malicious code manipulation.
However, due to this flaw, if an attacker has arbitrary read/write access, they can bypass this protection — essentially gaining unrestricted control over the system.
Apple has confirmed that this vulnerability, too, was exploited as part of the same well-planned attack. Necessary patches have been issued and malicious code has been removed from affected systems.
📱 Which Devices Were Affected?
The following Apple devices were at risk due to the vulnerabilities mentioned above:
- iPhone XS and later models
- iPad Pro 13-inch
- iPad Pro 12.9-inch (3rd generation and newer)
- iPad Pro 11-inch (1st generation and newer)
- iPad Air (3rd generation and newer)
- iPad (7th generation and newer)
- iPad mini (5th generation and newer)
Apple described these attacks as “highly sophisticated and targeted,” indicating the likely involvement of nation-state actors or financially motivated cybercrime groups.
Zero-day vulnerabilities like these often require substantial financial and technical resources, but their outcomes — such as undetected system breaches, compromised privacy, and covert espionage — significantly increase the level of risk.
✅ Update Immediately to Stay Protected
Apple has already released the necessary updates for iOS and iPadOS users. To protect your device, follow these steps to update:
- Go to Settings
- Tap General
- Select Software Update
- Install the iOS 18.4.1 or iPadOS 18.4.1 update
Apple strongly urges all users to install this update as soon as possible, as no user interaction is required for exploitation.
Cyberattacks are becoming increasingly sophisticated. Even modern technology like iPhones can be vulnerable. However, Apple’s swift response in detecting and patching the vulnerabilities reaffirms that user security remains a top priority in the tech world.
✅ Update today. Protect yourself and your data.
