Apple and Google collaborate to fix two critical zero-day vulnerabilities affecting iOS 18.4, macOS Sequoia 15.4, and more. Learn what these flaws are, how they’re being exploited, and how to protect your devices.
Apple and Google Collaborate to Patch Zero-Day Exploits Actively Targeting iOS and macOS
In a landmark collaboration, Apple and Google have jointly identified and patched two critical zero-day vulnerabilities currently being exploited in the wild. These flaws affect nearly every major Apple platform, including iOS, iPadOS, macOS Sequoia, tvOS, and visionOS.
If you’re using an Apple device, you are at risk until you update. Here’s everything you need to know.
What Are Zero-Day Vulnerabilities and Why Should You Care?
Zero-day vulnerabilities are security flaws that are discovered and exploited before developers have had a chance to patch them. These types of exploits are particularly dangerous because there are no immediate defenses—unless you apply security updates as soon as they’re released.
Apple’s latest emergency patches address the following:
| CVE ID | Affected Component | Threat Level | Attack Vector |
|---|---|---|---|
| CVE-2025-31200 | CoreAudio | Critical | Malicious audio file |
| CVE-2025-31201 | RPAC (Pointer Authentication) | Critical | Memory manipulation |
CVE-2025-31200 – CoreAudio Flaw (Remote Code Execution)
This vulnerability allows attackers to deliver maliciously crafted audio files that, when processed by the device, enable arbitrary code execution—in simple terms, it lets an attacker take control of your device.
Key Points
- Affects CoreAudio, used in nearly all Apple devices.
- Requires no user interaction beyond playing an infected audio file.
- Jointly discovered by Apple and Google’s Threat Analysis Group (TAG).
“Just listening to a malicious audio file could give hackers control of your device.”
— Google TAG Security Analyst
CVE-2025-31201 – RPAC Bypass (Pointer Authentication Disabled)
This second flaw attacks Apple’s Pointer Authentication mechanism, a modern hardware-level defense designed to block unauthorized code execution.
Why It’s Serious
- Allows attackers to bypass key memory protection safeguards.
- Exploited after initial access is gained—often via another vulnerability like CVE-2025-31200.
- This makes it particularly dangerous in chain exploits.
Apple and Google: Rivals United Against Cyber Threats
One of the standout aspects of this response is the collaborative discovery of CVE-2025-31200 by Apple and Google TAG.
This partnership highlights the urgent need for inter-company cooperation in the face of increasingly sophisticated attacks.
“We may compete in the marketplace, but when it comes to cybersecurity, we’re allies.”
— Google Threat Analysis Group
Affected Devices and Required Updates
If your Apple device is running older versions of iOS, macOS, tvOS, or visionOS, it may be vulnerable. Here’s a quick summary:
| Platform | Vulnerable Versions | Safe Version |
|---|---|---|
| iOS | 18.4 and earlier | 18.4.1 |
| iPadOS | 18.4 and earlier | 18.4.1 |
| macOS Sequoia | 15.4 and earlier | 15.4.1 |
| tvOS | 18.4 and earlier | 18.4.1 |
| visionOS | 2.4 and earlier | 2.4.1 |
How to Update Your Apple Devices Right Now
Don’t delay. These are emergency patches. Updating now could be the difference between a secure system and a compromised one.
Update Instructions
- iPhone or iPad:
Settings > General > Software Update - Mac (macOS Sequoia):
System Settings > General > Software Update - Apple TV:
Settings > System > Software Updates - Apple Vision Pro:
Settings > General > Software Update
Pro Tips to Stay Protected
- ✅ Enable Automatic Updates to ensure you receive security fixes ASAP.
- 🛡️ Use Lockdown Mode if you’re at high risk (e.g., journalist, executive, activist).
- 🔐 Avoid playing or downloading audio from unknown sources until fully patched.
Why These Exploits Are a Game-Changer for iOS/macOS Security
Apple’s Pointer Authentication system (RPAC) is one of the most advanced hardware-level protections in the industry. The fact that it can be bypassed makes this threat particularly alarming.
| Security Feature | Purpose | Status with CVE-2025-31201 |
|---|---|---|
| Pointer Authentication | Prevent unauthorized memory access | ❌ Bypassed |
| CoreAudio Bounds Checking | Prevent overflow during audio processing | ❌ Broken |
| App Sandboxing | Contain app behavior | ❌ Compromised via chained exploits |
Final Thoughts: Update Now or Risk Exploitation
Zero-day vulnerabilities are some of the most dangerous forms of cyber threats, especially when they’re actively exploited. Apple and Google’s quick response shows how collaboration beats competition when it comes to public safety.
If you haven’t updated your Apple device today, you’re already behind. Take a few minutes, apply the update, and ensure your digital life remains secure.
Stay Informed — Subscribe for Security Alerts
Want real-time updates on zero-day threats and security patches? Subscribe to our newsletter for breaking cybersecurity news.
