Apple Patches iPhone Bug Involving Malicious Media Files

Apple has taken swift action to address a critical security vulnerability that has been exploited by hackers to target high-profile individuals using iOS devices.

According to the company, two previously unknown flaws were discovered in iOS, with one affecting the processing of audio streams and another allowing attackers to bypass certain security protections. The first flaw, CVE-2025-31200, can trigger an iPhone to remotely execute rogue computer code if it processes a maliciously crafted media file.

The hackers involved exploited a memory corruption issue in Apple's digital audio software framework for iOS and macOS, Core Audio. This type of corruption issue can cause a program to overwrite or improperly access memory outside the proper bounds, leading to unintended behavior.

The second flaw, CVE-2025-31201, appears to piggyback on the first vulnerability by requiring attackers to be able to remotely read and write computer code on iOS. This allows the attacker to bypass Pointer Authentication Code, a security protection designed to fend off memory corruption bugs.

Apple has confirmed that the hackers were chaining both vulnerabilities together to attack select iPhone users. The company worked closely with Google's Threat Analysis Group, which investigates and counters hacking efforts from foreign governments and spyware providers.

Patches Arrive in iOS 18.4.1

Apple has issued patches for the vulnerabilities through a software update available on iOS 18.4.1. Users can update their iPhones by going to Settings > General > Software Update, or if automatic updates are enabled, the phone will patch itself automatically.

Patch Available for macOS and Other Apple Devices

Apple has also released patches for macOS, tvOS, and visionOS, indicating that the company is taking a comprehensive approach to addressing the vulnerabilities. Users can expect their devices to be patched soon.

In light of this critical security update, users are advised to prioritize updating their iOS devices as soon as possible to ensure they are protected against these newly discovered flaws.