If you haven’t already updated your iPhone to the latest iOS, then we highly recommend that you do so now.
On Wednesday, April 16, Apple released iOS 18.4.1. The latest update to Apple’s mobile operating system fixes not just one, but two zero-day vulnerabilities that have already been exploited by hackers.
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS,” the company said in a statement posted on its website about each of the two exploits.
Mashable Light Speed
According to Apple, the two vulnerabilities impact Core Audio (CVE-2025-31200) and Return Pointer Authentication Code, also known as RPAC (CVE-2025-31201).
Core Audio is an API that Apple uses to process sound on Apple’s operating systems. The CVE-2025-31200 exploit basically allowed a bad actor to execute code on the device when attempting to process an audio stream in a “maliciously crafted media file.”
Return Pointer Authentication Code is an iOS security feature that aims to stop an attacker from manipulating existing code for malicious purposes. The CVE-2025-31201 exploit enables a threat actor with “arbitrary read and write capability” to bypass this Pointer Authentication security measure.
In addition to the iPhone, these vulnerabilities also affect a slew of other Apple devices, such as certain models of the iPad, Apple TV, Apple Vision Pro, and Macs running macOS Sequoia. Apple has now released updates to each device’s respective operating systems to fix the exploits.
