These vulnerabilities, affecting a wide range of Apple devices, have been leveraged in sophisticated attacks targeting both individuals and enterprises, raising significant concerns across the cybersecurity community.
In recent months, Apple has patched at least five zero-day vulnerabilities, with several being actively exploited in the wild.
The most recent advisories address two critical flaws—CVE-2025-31200 and CVE-2025-31201—impacting iOS, macOS, iPadOS, tvOS, and visionOS.
These vulnerabilities were reportedly used in “extremely sophisticated attacks” against targeted individuals, according to Apple’s own security bulletins.
Both flaws were patched in the latest security updates: iOS 18.4.1, iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, and visionOS 2.4.1.
Apple credited its internal teams and Google’s Threat Analysis Group for the discovery and reporting of these flaws.
CISA’s warning is not limited to these two vulnerabilities.
Earlier this year, the agency flagged CVE-2025-24200, a critical flaw in Apple’s USB Restricted Mode. This zero-day vulnerability allows attackers with physical access to bypass security measures on locked devices, exposing sensitive user data to unauthorized extraction.
The flaw, classified as an authorization bypass (CWE-863), undermines one of Apple’s key defenses against forensic and hacking tools.
Additionally, CVE-2025-24201, a WebKit zero-day, was found to enable attackers to escape the browser sandbox via malicious web content, further expanding the attack surface for Apple users.
The list of impacted devices is extensive and includes:

| Vulnerability | CVE ID | Attack Vector | Impact | Devices Affected | Severity (CVSS) | Exploitation Status |
|---|---|---|---|---|---|---|
| Core Audio RCE | CVE-2025-31200 | Malicious audio file | Remote code execution | iOS, macOS, tvOS, etc. | 7.5 | Actively exploited |
| RPAC PAC Bypass | CVE-2025-31201 | Read/write access | Security bypass | iOS, macOS, tvOS, etc. | 6.8 | Actively exploited |
| USB Restricted Mode Bypass | CVE-2025-24200 | Physical device access | Data extraction | iOS, iPadOS | Critical | Actively exploited |
| WebKit Sandbox Escape | CVE-2025-24201 | Malicious web content | Sandbox escape | iOS, macOS, visionOS | High | Actively exploited |

CISA and Apple urge all users and organizations to immediately apply the latest security updates to affected devices.
While some of these vulnerabilities have been used in highly targeted attacks, the risk of broader exploitation remains high if systems are left unpatched.
Organizations should also review device access controls and monitor for signs of compromise, especially if physical access to devices cannot be fully controlled.
The rapid emergence and exploitation of these zero-days highlight the evolving threat landscape and the necessity for timely patch management and robust security practices.
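To act on the patch guidance above, the following added example (not from the article, Apple, or CISA) checks a device inventory export against the fixed versions the article lists for CVE-2025-31200 and CVE-2025-31201. The CSV column names, hostnames, and sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Fixed versions as listed in the article for CVE-2025-31200 / CVE-2025-31201.
FIXED = {
    "iOS": (18, 4, 1),
    "iPadOS": (18, 4, 1),
    "macOS": (15, 4, 1),
    "tvOS": (18, 4, 1),
    "visionOS": (2, 4, 1),
}

def parse_version(text):
    """Turn '18.4' or '18.4.1 (suffix)' into a 3-tuple, padding with zeros."""
    tokens = text.split()
    parts = [int(p) for p in tokens[0].split(".")] if tokens else []
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def audit(inventory_csv):
    """Return (host, os, version, status) for every device in the export."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host, os_name, raw = row["host"], row["os"], row["version"] or ""
        floor = FIXED.get(os_name)
        if floor is None:
            status = "unknown-os"    # platform has no fixed version in the article
        else:
            try:
                status = "ok" if parse_version(raw) >= floor else "needs-update"
            except ValueError:
                status = "unparsed"  # send to manual review, never assume patched
        results.append((host, os_name, raw, status))
    return results

# Constructed sample export; hostnames and column names are hypothetical.
SAMPLE = """host,os,version
exec-iphone-01,iOS,18.4
lab-mac-07,macOS,15.4.1
kiosk-ipad-03,iPadOS,17.7.6
lobby-atv-02,tvOS,18.4.1 (constructed)
old-watch-09,watchOS,11.4
qa-iphone-02,iOS,18.5b1
"""

if __name__ == "__main__":
    for host, os_name, raw, status in audit(SAMPLE):
        print(f"{status:13} {host:16} {os_name} {raw}")
```

Devices on an older major release, such as the 17.x iPad in the sample, are reported as needing an update because the article lists fixed versions only for the current release lines.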
The post CISA Alerts on Active Exploitation of Multiple Apple 0-Day Flaws appeared first on Cyber Security News.