Summary:
Apple released security advisories on Wednesday for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two vulnerabilities, CVE-2025-31200 and CVE-2025-31201, that have been observed being actively exploited in the wild. CVE-2025-31200 and CVE-2025-31201 carry CVSS scores of 7.5 and 6.8, respectively. CVE-2025-31200 was addressed with improved bounds checking, and CVE-2025-31201 was addressed by removing a vulnerable section of the code. Google Threat Analysis Group (TAG) was credited with reporting CVE-2025-31200. The attacks where Apple observed these flaws were "exploited in an extremely sophisticated attack against specific targeted individuals on iOS."

Five actively-exploited zero-day vulnerabilities in Apple software this year:

• CVE-2025-31200 (CVSS score: 7.5) - A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an audio stream in a maliciously crafted media file
• CVE-2025-31201 (CVSS score: 6.8) - A vulnerability in the RPAC component that could be used by an attacker with arbitrary read and write capability to bypass Pointer Authentication
• CVE-2025-24085 (CVSS score: 7.8) - A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges
• CVE-2025-24200 (CVSS score: 4.6) - An authorization issue in the Accessibility component that could enable an attacker to disable USB Restricted Mode on a locked device as part of a cyber-physical attack
• CVE-2025-24201 (CVSS score: 7.1) - An out-of-bounds write issue in the WebKit component that could be exploited to break out of the Web Content sandbox using maliciously crafted web content

Security Officer Comments:
Counting this new development, Apple has already had to address 5 actively exploited zero-days in its software this year. Due to the active exploitation risk, Apple has advised users to update all devices to their latest version to help mitigate the risk of these attacks. A robust patch management policy is a cornerstone of a strong security posture and good IT hygiene. Systematically addressing vulnerabilities by ensuring systems are up-to-date significantly reduces the attack surface and helps maintain the availability of operations while complying with government regulations.

Suggested Corrections:
Updates available:

• iOS 18.4.1 and iPadOS 18.4.1 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 13.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
• macOS Sequoia 15.4.1 - Macs running macOS Sequoia
• tvOS 18.4.1 - Apple TV HD and Apple TV 4K (all models)
• visionOS 2.4.1 - Apple Vision Pro

Link(s):
https://thehackernews.com/2025/04/apple-patches-two-actively-exploited.html