Latest news with #CoreAudio
Daily Tribune
20-04-2025
- Daily Tribune
Apple Urges iPhone Users to Update Immediately as iOS 18.4.1 Patches Active Security Threats
Apple has officially rolled out iOS 18.4.1, accompanied by a critical advisory urging iPhone users to update their devices without delay. The latest software update addresses two significant security vulnerabilities that, according to Apple, are actively being exploited in real-world attacks. While the tech giant has remained tight-lipped on the specifics of the flaws—likely to prevent wider exploitation before users have a chance to secure their devices—Apple confirmed that one of the issues lies within CoreAudio, the system responsible for processing audio on iPhones. The vulnerability, identified as CVE-2025-31200, was discovered and reported jointly by Apple and Google's Threat Analysis Group. It involves the potential for malicious audio files to execute harmful code on a device, allowing attackers to gain unauthorized access or control. 'Processing an audio stream in a maliciously crafted media file may result in code execution,' Apple stated in its security release. Apple has a policy of withholding detailed descriptions of vulnerabilities until a majority of users have applied the necessary updates, to minimize the risk of widespread abuse. The company has not disclosed the full details of the second flaw patched in iOS 18.4.1, but emphasized that both were serious enough to prompt immediate action. Users are encouraged to navigate to Settings > General > Software Update and install the latest version to keep their devices secure. As threat actors grow increasingly sophisticated, regular updates remain one of the most essential lines of defense for iPhone users.
Yahoo
18-04-2025
- Yahoo
iOS 18.4.1 — update your iPhone right now to apply emergency security fix
When you buy through links on our articles, Future and its syndication partners may earn a commission. If you've been holding off updating your iPhone (or your other Apple devices for that matter), now is the time to do so as a new series of emergency security updates have been released to fix two zero-day flaws. As reported by BleepingComputer, these recently discovered vulnerabilities were quickly patched by the company after it became aware that they may have been exploited in an 'extremely sophisticated attack'. In a security bulletin, Apple explains that this attack was against 'specific targeted individuals' using one of the best iPhones. The first zero-day (tracked as CVE-2025-31200) is a flaw in CoreAudio that was discovered by security researchers from both Apple and Google's Threat Analysis Group. If exploited by hackers, it can be used to execute remote code on a vulnerable device by processing an audio stream in a maliciously crafted media second zero-day (tracked as CVE-2025-31201) is a flaw in Apple's Remote Participant Audio Control (RPAC) framework that the company discovered on its own. Hackers with read and write access to a vulnerable device can exploit this vulnerability to bypass an iOS security feature called Pointer Authentication which helps protect against memory Just like it normally does, Apple hasn't shared any additional details regarding how these zero-day flaws were exploited in this extremely sophisticated attack. The reason the company does things this way is to give its users plenty of time to update their devices while also preventing hackers from reverse engineering these attacks so that they can recreate them. What we do know though is that a ton of Apple devices are impacted by these two zero-days including: iPhone (XS and later) iPad Pro 13-inch, iPad Pro 13.9 inch (3rd gen and later) iPad Pro 11-inch (1st gen and later) iPad Air (3rd gen and later) iPad (7th gen and later) iPad mini (5th gen and alter) Macs running macOS Sequoia Apple TV HD Apple TV 4K (all models) Apple Vision Pro When it comes to Apple zero-days, they can be highly valuable for hackers and other cybercriminals. As such, they're often used in attacks against high-profile individuals like CEOs and politicians instead of ordinary people. Still though, you're going to want to update your Apple devices ASAP since attacks exploiting vulnerabilities like these tend to trickle down to ordinary users eventually. Hackers love to go after people running outdated software as they're easy targets. For this reason, you want to install the latest iPhone, Mac and other security updates from Apple as soon as they become available to minimize your risk of falling victim to an attack leveraging security flaws or vulnerabilities that have already been patched. From here, you want to make sure that you and the rest of your household are practicing good cyber hygiene. This means not clicking on links or downloading attachments from unknown senders as well as not responding to suspicious emails that come with a sense of urgency. All of the examples above are tell-tale signs of a phishing scam which could put your personal and financial data at risk and could potentially lead to you falling victim to identity theft. While your Mac comes with Apple's own XProtect security software pre-installed, you may also want to consider using the best Mac antivirus software alongside it for extra protection. Although there isn't an iPhone equivalent to the best Android antivirus apps due to Apple's own restrictions around malware scanning, Intego's Mac antivirus software can scan your iPhone or iPad for malware when connected to your computer via a USB cable. Antivirus software can help prevent you from falling victim to a nasty malware infection or other cyberattacks in the first place. However, the best identity theft protection services can help you recover your identity and regain any funds lost to fraud following an attack. With these two vulnerabilities, Apple has now patched a total of five zero-day flaws since the beginning of this year. While this might sound scary at first, it's actually a good thing as the company routinely updates its software to keep you and your Apple devices safe. However, it's on you to install these updates to avoid falling victim to any cyberattacks that exploit these flaws. T-Mobile is starting to send out data breach settlement payments for up to $25K — see if you qualify Your Social Security number is a literal gold mine for scammers and identity thieves — here's how to keep it safe 1.6 million hit in massive insurance data breach — full names, addresses, SSNs and more exposed
Yahoo
16-04-2025
- Yahoo
Apple says zero-day bugs exploited against 'specific targeted individuals' using iOS
Apple has released new software updates across its product line to fix two security vulnerabilities, which the company said may have been actively used to hack customers running its mobile software, iOS. In security advisories posted on its website, Apple confirmed it fixed the two zero-day vulnerabilities, which 'may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.' The bugs are considered zero days because they were unknown to Apple as they were being exploited. It's not yet known who is behind the attacks or how many Apple customers were targeted, or if any were successfully compromised. A spokesperson for Apple did not return TechCrunch's inquiry. Apple credited the discovery of one of the two bugs to security researchers working at Google's Threat Analysis Group, which investigates government-backed cyberattacks. This may indicate that the attacks targeting Apple customers were launched or coordinated by a nation state or government agency. Some government-backed cyberattacks are known to involve the use of remotely planted spyware and other phone-unlocking devices. A Google spokesperson did not immediately comment when reached by TechCrunch. Apple said that one of the bugs affects Apple's CoreAudio, the system-level component that Apple uses across its various products to allow developers to interact with device audio. Apple said the bug could be exploited by processing an audio stream in a maliciously crafted media file, which can allow the execution of malicious code on an affected Apple device. The other bug, which Apple took sole credit for discovering, allows an attacker to bypass pointer authentication, a security feature that Apple uses in its software to make it more difficult for attackers to corrupt or otherwise inject malicious code into a device's memory. Apple released a software update for macOS Sequoia, bumping the software version to 15.4.1, and released iOS 18.4.1 that fixes the security bugs in iPhones and iPads. Apple TV and the company's mixed-reality headset Vision Pro also received the same security updates. Sign in to access your portfolio
Forbes
16-04-2025
- Forbes
iOS 18.4.1—Apple Issues New Update Warning To All iPhone Users
Apple has released iOS 18.4.1, fixing two iPhone security flaws, both of which are being used in ... More real-life attacks. Apple has released iOS 18.4.1 and it comes with a warning to update your iPhone now. That's because iOS 18.4.1 fixes two iPhone security flaws, both of which are being used in real-life attacks. Apple doesn't provide a lot of detail about what's fixed in iOS 18.4.1, because the iPhone maker wants to give people as much time to update before more attackers can get hold of the details. The first flaw fixed in iOS 18.4.1 is an issue in the iPhone's CoreAudio tracked as CVE-2025-31200 and reported by Apple and the Google Threat Analysis Group. Processing an audio stream in a maliciously crafted media file may result in code execution, Apple warned on its support page. 'Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS,' the iPhone maker added. The second bug patched in iOS 18.4.1 is a flaw in RPAC tracked as CVE-2025-31201 and reported Apple. The vulnerability could allow an attacker with arbitrary read and write capability to bypass Pointer Authentication, Apple said, adding that the issue may also have been exploited in an 'extremely sophisticated attack.' The iOS 18.4.1 update comes just two weeks after the release of iOS 18.4, which itself patched 62 vulnerabilities, highlighting the importance of the latest upgrade. In March, Apple again addressed an already-exploited flaw in the iOS 18.3.2 update. Apple's iOS 18.4.1 is an emergency security update that comes in between major point upgrades, ahead of iOS 18.5's arrival in May. There is no iOS 17 update for older iPhones, perhaps because the operating system is not affected by this flaw. However, Apple is no longer issuing security updates to iOS 17 users that are able to upgrade to iOS 18. Despite the urgency of the iOS 18.4.1 upgrade, there is no need to panic, because as Apple said, the flaws fixed in iOS 18.4.1 were used in targeted attacks. These are likely against journalists, dissidents, government officials and businesses in certain sectors. Yet if attackers get hold of the details, they can use the flaws more widely. Apple's iOS 18.4.1 also addresses several bugs, including one that prevents wireless CarPlay connection in certain vehicles. The iOS 18.4.1 update is available for the iPhone XS and later, iPad Pro 13-inch, iPad Pro 13.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later. So what are you waiting for? Go to your iPhone Settings > General > Software Update and download and install iOS 18.4.1 now.
