Apple Addresses Critical iOS Flaws Under Active Exploitation

TL;DR

Apple has released security updates to address two actively exploited vulnerabilities in iOS, iPadOS, macOS Sequoia, tvOS, and visionOS. The flaws, identified as CVE-2025-31200 and CVE-2025-31201, are being used in sophisticated targeted attacks. Users are urged to update their devices immediately to mitigate risks.

Critical Security Updates from Apple

Apple has released crucial security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS. These updates address two significant vulnerabilities actively exploited in targeted attacks. The flaws, identified as CVE-2025-31200 and CVE-2025-31201, pose severe risks to user security.

Vulnerability Details

1. CVE-2025-31200 (CVSS score: 7.5)
   • Description: A memory corruption vulnerability in the Core Audio framework.
   • Impact: This flaw could allow code execution when processing malicious audio files.
2. CVE-2025-31201 (CVSS score: 8.0)
   • Description: An out-of-bounds write issue in the WebKit engine.
   • Impact: This vulnerability could lead to arbitrary code execution when a user visits a maliciously crafted webpage.

Impact and Mitigation

These vulnerabilities are being exploited in sophisticated targeted attacks, highlighting the urgent need for users to update their devices. By addressing these flaws, Apple aims to enhance the security of its ecosystem and protect users from potential threats.

Conclusion

Apple’s prompt response to these vulnerabilities underscores the importance of regular updates in maintaining device security. Users are advised to install the latest security patches to safeguard against these actively exploited flaws. Staying vigilant and proactive in updating devices is crucial for protecting against emerging cyber threats.

For more details, visit the full article: source