Latest news with #CVE-2025-31200
Daily Tribune
20-04-2025
- Daily Tribune
Apple Urges iPhone Users to Update Immediately as iOS 18.4.1 Patches Active Security Threats
Apple has officially rolled out iOS 18.4.1, accompanied by a critical advisory urging iPhone users to update their devices without delay. The latest software update addresses two significant security vulnerabilities that, according to Apple, are actively being exploited in real-world attacks. While the tech giant has remained tight-lipped on the specifics of the flaws—likely to prevent wider exploitation before users have a chance to secure their devices—Apple confirmed that one of the issues lies within CoreAudio, the system responsible for processing audio on iPhones. The vulnerability, identified as CVE-2025-31200, was discovered and reported jointly by Apple and Google's Threat Analysis Group. It involves the potential for malicious audio files to execute harmful code on a device, allowing attackers to gain unauthorized access or control. 'Processing an audio stream in a maliciously crafted media file may result in code execution,' Apple stated in its security release. Apple has a policy of withholding detailed descriptions of vulnerabilities until a majority of users have applied the necessary updates, to minimize the risk of widespread abuse. The company has not disclosed the full details of the second flaw patched in iOS 18.4.1, but emphasized that both were serious enough to prompt immediate action. Users are encouraged to navigate to Settings > General > Software Update and install the latest version to keep their devices secure. As threat actors grow increasingly sophisticated, regular updates remain one of the most essential lines of defense for iPhone users.
Yahoo
18-04-2025
- Yahoo
iOS 18.4.1 — update your iPhone right now to apply emergency security fix
When you buy through links on our articles, Future and its syndication partners may earn a commission. If you've been holding off updating your iPhone (or your other Apple devices for that matter), now is the time to do so as a new series of emergency security updates have been released to fix two zero-day flaws. As reported by BleepingComputer, these recently discovered vulnerabilities were quickly patched by the company after it became aware that they may have been exploited in an 'extremely sophisticated attack'. In a security bulletin, Apple explains that this attack was against 'specific targeted individuals' using one of the best iPhones. The first zero-day (tracked as CVE-2025-31200) is a flaw in CoreAudio that was discovered by security researchers from both Apple and Google's Threat Analysis Group. If exploited by hackers, it can be used to execute remote code on a vulnerable device by processing an audio stream in a maliciously crafted media second zero-day (tracked as CVE-2025-31201) is a flaw in Apple's Remote Participant Audio Control (RPAC) framework that the company discovered on its own. Hackers with read and write access to a vulnerable device can exploit this vulnerability to bypass an iOS security feature called Pointer Authentication which helps protect against memory Just like it normally does, Apple hasn't shared any additional details regarding how these zero-day flaws were exploited in this extremely sophisticated attack. The reason the company does things this way is to give its users plenty of time to update their devices while also preventing hackers from reverse engineering these attacks so that they can recreate them. What we do know though is that a ton of Apple devices are impacted by these two zero-days including: iPhone (XS and later) iPad Pro 13-inch, iPad Pro 13.9 inch (3rd gen and later) iPad Pro 11-inch (1st gen and later) iPad Air (3rd gen and later) iPad (7th gen and later) iPad mini (5th gen and alter) Macs running macOS Sequoia Apple TV HD Apple TV 4K (all models) Apple Vision Pro When it comes to Apple zero-days, they can be highly valuable for hackers and other cybercriminals. As such, they're often used in attacks against high-profile individuals like CEOs and politicians instead of ordinary people. Still though, you're going to want to update your Apple devices ASAP since attacks exploiting vulnerabilities like these tend to trickle down to ordinary users eventually. Hackers love to go after people running outdated software as they're easy targets. For this reason, you want to install the latest iPhone, Mac and other security updates from Apple as soon as they become available to minimize your risk of falling victim to an attack leveraging security flaws or vulnerabilities that have already been patched. From here, you want to make sure that you and the rest of your household are practicing good cyber hygiene. This means not clicking on links or downloading attachments from unknown senders as well as not responding to suspicious emails that come with a sense of urgency. All of the examples above are tell-tale signs of a phishing scam which could put your personal and financial data at risk and could potentially lead to you falling victim to identity theft. While your Mac comes with Apple's own XProtect security software pre-installed, you may also want to consider using the best Mac antivirus software alongside it for extra protection. Although there isn't an iPhone equivalent to the best Android antivirus apps due to Apple's own restrictions around malware scanning, Intego's Mac antivirus software can scan your iPhone or iPad for malware when connected to your computer via a USB cable. Antivirus software can help prevent you from falling victim to a nasty malware infection or other cyberattacks in the first place. However, the best identity theft protection services can help you recover your identity and regain any funds lost to fraud following an attack. With these two vulnerabilities, Apple has now patched a total of five zero-day flaws since the beginning of this year. While this might sound scary at first, it's actually a good thing as the company routinely updates its software to keep you and your Apple devices safe. However, it's on you to install these updates to avoid falling victim to any cyberattacks that exploit these flaws. T-Mobile is starting to send out data breach settlement payments for up to $25K — see if you qualify Your Social Security number is a literal gold mine for scammers and identity thieves — here's how to keep it safe 1.6 million hit in massive insurance data breach — full names, addresses, SSNs and more exposed
