Time to update: Apple has discovered hackers exploiting an iOS bug via malicious media files.
On Wednesday, the company issued patches to fix two previously unknown flaws, warning that attackers have been abusing both of them to hack select iPhone users.
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS,” the company said, an indicator that hackers targeted high-profile victims.
The first flaw, CVE-2025-31200, can trigger an iPhone to remotely execute rogue computer code if the device processes an audio stream “in a maliciously crafted media file.”
Apparently, the hackers discovered a memory corruption issue in Core Audio, Apple’s digital audio software framework for iOS and macOS. Such corruption issues can cause a program to overwrite or improperly access memory outside the proper bounds, which can lead to unintended behavior.
The second flaw, CVE-2025-31201, appears to piggyback on the first since it requires the attacker to be able to remotely read and write computer code on iOS. CVE-2025-31201 can let the attacker bypass an Apple security protection called Pointer Authentication Code to fend off memory corruption bugs.
Recommended by Our Editors
Although Apple didn’t provide more details, the patches suggest the attackers were chaining both vulnerabilities together to attack select iPhone users. The company also discovered the problem with the help of Google’s Threat Analysis Group, which investigates and counters hacking efforts from foreign governments and spyware providers.
The fix is arriving through iOS 18.4.1. Apple has issued patches for macOS, tvOS and visionOS. Users can update their iPhones by going to Settings > General > Software Update. The phone will also patch itself if you’ve toggled on automatic updates.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
About Michael Kan
Senior Reporter
