Apple users are being urged to update their devices after the company was hit by an ‘extremely sophisticated attack‘.
The tech giant said the hack was used against ‘specific targeted individuals’ but shared no further details.
Instead, it is urging millions of iPhone, iPad, Mac and other iOS users to download a new security patch that fixes the flaw.
For iPhone and iPad users with automatic updates on, the patch should already be installed. Everyone else will need to go into their settings and download the fixes to iOS 18.4.1 and iPadOS 18.4.1.
The list of devices impacted includes older and newer models: iPhone XS and later iPad Pro 13-inch, iPad Pro 13.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later macOS Sequoia Apple TV HD and Apple TV 4K (all models) Apple Vision Pro.
The potential for a devastating cyber attack stemmed from two flaws discovered by Apple and the Google Threat Analysis team.
They’re called zero-day vulnerabilities, which are software weaknesses completely unknown to the vendor creating the program, meaning there is no patch that corrects the flaw when it’s first discovered and hackers are capable of exploiting them.
In this case, the zero-days affected the iPhone’s CoreAudio and Pointer Authentication software (RPAC), allowing hackers to gain access to a phone through vulnerable programs.
Apple users are being urged to update their devices after the company was hit by an ‘extremely sophisticated attack’ (stock image)
Specifically, Apple and Google found a zero-day flaw in CoreAudio called CVE-2025-31200.
CoreAudio is a low-level program in Apple’s operating systems (iOS, iPadOS, macOS, tvOS, and watchOS) designed to handle audio processing, playback, and recording.
It also provides developers with tools to manage audio data efficiently and interact with audio hardware.
The flaw could have been exploited by processing an audio stream using a maliciously crafted media file which would execute a ‘remote code’ on the device.
Simply put, the remote code allowed a hacker can send a bad audio file (like a fake MP3) to Apple devices, and when your phone or computer tries to play or open it, the file tricks the system into running the hacker’s secret instructions.
Those instructions act like a computer virus, letting the hacker take over the iPhone and steal your info.
The second zero-day flaw, CVE-2025-31201, was found in a program called RPAC, allowing attackers to create their own bypass codes to avoid Pointer Authentication (PAC) – an iOS security feature that protects against memory vulnerabilities.
