Apple users are being urged to update their devices after the company was hit by an ‘extremely sophisticated attack’.
The tech giant said the hack was used against ‘specific targeted individuals’ but shared no further details.
Instead, it is urging millions of iPhone, iPad, Mac and other iOS users to download a new security patch that fixes the flaw.
Users of iPhone and iPad who have automatic updates enabled will find that the patch has already been automatically installed. For those who do not have automatic updates or disabled it, they will need to manually go to their device settings and download the fixes for both iOS 18.4.1 and iPadOS 18.4.1.
The devices affected by these vulnerabilities range from older to newer models. This includes iPhone XS and later models, iPad Pro 13-inch and later, iPad Pro 13.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, iPad mini 5th generation and later, macOS Sequoia, Apple TV HD and Apple TV 4K (all models), and Apple Vision Pro.
The potential for a devastating cyber attack stemmed from two flaws discovered by Apple and the Google Threat Analysis team.
These vulnerabilities are known as zero-day vulnerabilities, which are weaknesses in software that are completely unknown to the vendor at the time of discovery. This means that there is no existing patch to fix the flaw when it is first identified, allowing hackers the opportunity to exploit these vulnerabilities.
In this case, the zero-days affected the iPhone’s CoreAudio and Pointer Authentication software (RPAC), allowing hackers to gain access to a phone through vulnerable programs.
Apple users are being urged to update their devices after the company was hit by an ‘extremely sophisticated attack’ (stock image)
Specifically, Apple and Google found a zero-day flaw in CoreAudio called CVE-2025-31200.
CoreAudio is a low-level program in Apple’s operating systems (iOS, iPadOS, macOS, tvOS, and watchOS) designed to handle audio processing, playback, and recording.
It also provides developers with tools to manage audio data efficiently and interact with audio hardware.
The flaw could have been exploited by processing an audio stream using a maliciously crafted media file which would execute a ‘remote code’ on the device.
Simply put, the remote code allowed a hacker can send a bad audio file (like a fake MP3) to Apple devices, and when your phone or computer tries to play or open it, the file tricks the system into running the hacker’s secret instructions.
Those instructions act like a computer virus, letting the hacker take over the iPhone and steal your info.
The second zero-day flaw, CVE-2025-31201, was found in a program called RPAC, allowing attackers to create their own bypass codes to avoid Pointer Authentication (PAC) – an iOS security feature that protects against memory vulnerabilities.
Without the new security updates, hackers could sneak bad code into an iPhone, iPad, or Mac through PAC.
If someone with access to your device’s memory (like through a shady app or another hack) used this flaw, they could trick the system into running their harmful code.
This could also let them take over the device, steal photos or passwords, or damage the phone completely.
Apple have discovered 5 different zero-day flaws that required an immediate security update since the start of 2025
BleepingComputer noted that there have now been five zero-day vulnerabilities discovered in 2025.
All of them were fixed as soon as users downloaded the latest security updates from Apple.
Cybersecurity experts told DailyMail.com that one of the best things an iPhone user can do to protect themselves from hackers is regularly update their device’s software.
That means checking the phone’s updates screen for the latest patches available or changing the device’s settings to automatically install these patches when Apple releases them.
