Apple has released software updates to fix two zero-day vulnerabilities in its products, which may have been actively exploited to hack customers running its iOS mobile software, targeting specific individuals.
The company confirmed in security advisories that the bugs were fixed after being exploited in sophisticated attacks. The vulnerabilities were unknown to Apple until they were being used, hence classified as zero days.
The attackers’ identities and the number of affected Apple customers remain unknown. Apple credited Google’s Threat Analysis Group for discovering one of the bugs, suggesting a potential nation-state or government-backed cyberattack.
First Chrome zero-day of 2025 shows just how fragile browser security is
The first bug affects Apple’s Core Audio component, allowing malicious code execution through a crafted media file. The second bug allows attackers to bypass pointer authentication, a security feature that prevents malicious code injection into a device’s memory.
Apple released updates for macOS Sequoia (version 15.4.1), iOS 18.4.1 for iPhones and iPads, as well as updates for Apple TV and Vision Pro, to fix the security bugs.
