Apple Addresses Zero-Day Exploits Targeting iOS Users
Apple has rolled out new software updates across its devices to patch two security flaws that, according to the company, were potentially used in targeted attacks against certain iOS users.
In a security advisory, Apple stated that it has fixed two previously unknown vulnerabilities—known as zero-day bugs—that were likely exploited in what it described as "extremely sophisticated attacks" aimed at specific individuals using iOS.
Because the flaws were unknown to Apple at the time of exploitation, they fall into the "zero-day" category.
Details on the identity of the attackers, the number of people targeted, or the extent of any successful breaches remain unclear. Apple has not responded to requests for comment from TechCrunch.
One of the vulnerabilities was discovered by Google's Threat Analysis Group, which focuses on cyberattacks backed by governments. This discovery suggests the possibility of a nation-state or government entity being behind the attacks. These types of campaigns often involve the use of spyware or tools designed to compromise smartphones remotely.
Apple explained that one of the bugs affects Core Audio, a system component that manages audio functionality across its devices. This flaw could be triggered by playing a maliciously crafted audio file, potentially allowing attackers to run harmful code on the device.
The second vulnerability, which Apple identified internally, involves bypassing pointer authentication—a security measure designed to prevent memory manipulation and unauthorized code execution.
To address these issues, Apple released software updates including macOS Sequoia version 15.4.1 and iOS 18.4.1. Security patches were also released for Apple TV and the Vision Pro headset.