Time to replace: Apple has found hackers exploiting an iOS bug by way of malicious media recordsdata. 

On Wednesday, the corporate issued patches to repair two beforehand unknown flaws, warning that attackers have been abusing each of them to hack choose iPhone customers.  

“Apple is conscious of a report that this problem could have been exploited in an especially subtle assault towards particular focused people on iOS,” the corporate stated, an indicator that hackers focused high-profile victims. 

The primary flaw, CVE-2025-31200, can set off an iPhone to remotely execute rogue pc code if the gadget processes an audio stream “in a maliciously crafted media file.”

Apparently, the hackers found a reminiscence corruption problem in Core Audio, Apple’s digital audio software program framework for iOS and macOS. Such corruption points may cause a program to overwrite or improperly entry reminiscence exterior the correct bounds, which might result in unintended conduct. 

The second flaw, CVE-2025-31201, seems to piggyback on the primary because it requires the attacker to have the ability to remotely learn and write pc code on iOS. CVE-2025-31201 can let the attacker bypass an Apple safety safety known as Pointer Authentication Code to fend off reminiscence corruption bugs. 

Though Apple didn’t present extra particulars, the patches counsel the attackers had been chaining each vulnerabilities collectively to assault choose iPhone customers. The corporate additionally found the issue with the assistance of Google’s Risk Evaluation Group, which investigates and counters hacking efforts from overseas governments and spyware suppliers. 

The repair is arriving by means of iOS 18.4.1. Apple has issued patches for macOS, tvOS and visionOS. Customers can update their iPhones by going to Settings > Basic > Software program Replace. The cellphone may also patch itself when you’ve toggled on computerized updates.

Get Our Finest Tales!

Keep Protected With the Newest Safety Information and Updates

Join our SecurityWatch e-newsletter for our most necessary privateness and safety tales delivered proper to your inbox.

By clicking Signal Me Up, you affirm you might be 16+ and conform to our Terms of Use and Privacy Policy.

Thanks for signing up!

Your subscription has been confirmed. Control your inbox!

About Michael Kan

Senior Reporter

I have been working as a journalist for over 15 years—I received my begin as a faculties and cities reporter in Kansas Metropolis and joined PCMag in 2017.

Read Michael’s full bio

Learn the most recent from Michael Kan