Users of Apple devices are advised to update their iPhones to the latest iOS version. On April 16, Apple released iOS 18.4.1, which addresses two zero-day vulnerabilities that have been exploited by hackers. In a statement on its website, Apple acknowledged reports that these vulnerabilities had been used in sophisticated attacks targeting specific individuals on iOS.
The vulnerabilities affect Core Audio and the Return Pointer Authentication Code (RPAC). Core Audio is an API used by Apple for sound processing, and the exploit (CVE-2025-31200) allows unauthorized code execution when handling a “maliciously crafted media file.” The RPAC, a security feature in iOS designed to prevent manipulation of existing code, is vulnerable through the exploit (CVE-2025-31201), which permits a threat actor with arbitrary read and write capability to bypass the Pointer Authentication security mechanism.
These vulnerabilities are not limited to the iPhone; they also impact various other Apple products, including select models of the iPad, Apple TV, Apple Vision Pro, and Macs running macOS Sequoia. Apple has issued updates for the operating systems of the affected devices to mitigate these vulnerabilities.
