Apple has revealed that two zero-day vulnerabilities affecting iOS devices were likely exploited in the wild. The company confirmed that both flaws were used in “extremely sophisticated” attacks targeting specific individuals. While no widespread threat to the general user base was mentioned, the language Apple used is eerily familiar. This kind of phrasing often surfaces in cases involving spyware or state-sponsored activity—similar to what we saw with the Pegasus scandal a few years ago.
The vulnerabilities are tied to CoreAudio and RPAC , two internal frameworks that operate deep within iOS’s core systems. These aren’t components most users think about daily, but they play a critical role in the operating system’s functionality.
CoreAudio Vulnerability (CVE-2025-31200)
The first flaw resides in CoreAudio, a framework responsible for audio processing. According to Apple, “Processing an audio stream in a maliciously crafted media file may result in arbitrary code execution.” The issue stemmed from a memory corruption bug, which Apple resolved by implementing stricter bounds checking to prevent exploitation.
RPAC Vulnerability (CVE-2025-31201)
The second vulnerability is more abstract but potentially far more dangerous. It involves RPAC (Return Pointer Authentication Code), a low-level security mechanism designed to protect against memory-based attacks. This bug allowed attackers with read and write access to bypass pointer authentication—a critical safeguard against such exploits. Apple’s response was decisive: the company removed the vulnerable code entirely, eliminating the risk.
Why This Matters
Apple rarely admits when vulnerabilities are being actively exploited unless absolutely necessary. Similarly, detailed breakdowns or naming specific threats are uncommon, especially when the situation is still unfolding. So when Apple releases a document like this, it’s often a strong indicator that something serious—and potentially alarming—has occurred behind the scenes.
Notably, both fixes were rolled out quietly ahead of WWDC, Apple’s annual developer conference. This timing suggests the company wanted to address these issues discreetly before shifting focus to the flashy new features of iOS 19, such as a revamped user interface and enhanced Siri capabilities.
A Familiar Pattern
This isn’t the first time Apple devices have been targeted by sophisticated exploits. In 2021, the FORCEDENTRY zero-click iMessage vulnerability was used to install Pegasus spyware without requiring any interaction from the user—not even clicking a link. The latest revelations reinforce the ongoing cat-and-mouse game between tech giants and advanced threat actors.
What You Should Do
Apple has confirmed that these vulnerabilities are patched in iOS 18.4.1 and iPadOS 18.4.1 , which are available now. If you own an iPhone XS or later, or a compatible iPad, this is one update you’ll want to install immediately to ensure your device remains secure.
Additional fixes have also been released for:
- tvOS 18.4.1
- macOS Sequoia 15.4.1
- VisionOS 2.4.1