If you’ve been holding off updating your iPhone (or your other Apple devices for that matter), now is the time to do so as a new series of emergency security updates have been released to fix two zero-day flaws.
As reported by BleepingComputer, these recently discovered vulnerabilities were quickly patched by the company after it became aware that they may have been exploited in an “extremely sophisticated attack”. In a security bulletin, Apple explains that this attack was against “specific targeted individuals” using one of the best iPhones.
The first zero-day (tracked as CVE-2025-31200) is a flaw in CoreAudio that was discovered by security researchers from both Apple and Google’s Threat Analysis Group. If exploited by hackers, it can be used to execute remote code on a vulnerable device by processing an audio stream in a maliciously crafted media file.
The second zero-day (tracked as CVE-2025-31201) is a flaw in Apple’s Remote Participant Audio Control (RPAC) framework that the company discovered on its own. Hackers with read and write access to a vulnerable device can exploit this vulnerability to bypass an iOS security feature called Pointer Authentication which helps protect against memory
Impacted Apple devices
Just like it normally does, Apple hasn’t shared any additional details regarding how these zero-day flaws were exploited in this extremely sophisticated attack.
The reason the company does things this way is to give its users plenty of time to update their devices while also preventing hackers from reverse engineering these attacks so that they can recreate them.
What we do know though is that a ton of Apple devices are impacted by these two zero-days including:
- iPhone (XS and later)
- iPad Pro 13-inch, iPad Pro 13.9 inch (3rd gen and later)
- iPad Pro 11-inch (1st gen and later)
- iPad Air (3rd gen and later)
- iPad (7th gen and later)
- iPad mini (5th gen and alter)
- Macs running macOS Sequoia
- Apple TV HD
- Apple TV 4K (all models)
- Apple Vision Pro
When it comes to Apple zero-days, they can be highly valuable for hackers and other cybercriminals. As such, they’re often used in attacks against high-profile individuals like CEOs and politicians instead of ordinary people.
Still though, you’re going to want to update your Apple devices ASAP since attacks exploiting vulnerabilities like these tend to trickle down to ordinary users eventually.
How to keep your iPhone and Mac safe from hackers
Hackers love to go after people running outdated software as they’re easy targets. For this reason, you want to install the latest iPhone, Mac and other security updates from Apple as soon as they become available to minimize your risk of falling victim to an attack leveraging security flaws or vulnerabilities that have already been patched.
From here, you want to make sure that you and the rest of your household are practicing good cyber hygiene.
This means not clicking on links or downloading attachments from unknown senders as well as not responding to suspicious emails that come with a sense of urgency. All of the examples above are tell-tale signs of a phishing scam which could put your personal and financial data at risk and could potentially lead to you falling victim to identity theft.
While your Mac comes with Apple’s own XProtect security software pre-installed, you may also want to consider using the best Mac antivirus software alongside it for extra protection.
Although there isn’t an iPhone equivalent to the best Android antivirus apps due to Apple’s own restrictions around malware scanning, Intego’s Mac antivirus software can scan your iPhone or iPad for malware when connected to your computer via a USB cable.
Antivirus software can help prevent you from falling victim to a nasty malware infection or other cyberattacks in the first place. However, the best identity theft protection services can help you recover your identity and regain any funds lost to fraud following an attack.
With these two vulnerabilities, Apple has now patched a total of five zero-day flaws since the beginning of this year.
While this might sound scary at first, it’s actually a good thing as the company routinely updates its software to keep you and your Apple devices safe. However, it’s on you to install these updates to avoid falling victim to any cyberattacks that exploit these flaws.
More from Tom's Guide
- T-Mobile is starting to send out data breach settlement payments for up to $25K — see if you qualify
- Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
- 1.6 million hit in massive insurance data breach — full names, addresses, SSNs and more exposed
