Apple Releases Emergency Updates to Fix Actively Exploited Flaws in Sophisticated Attacks

Apple has released emergency updates to fix two actively exploited vulnerabilities in its iOS, iPadOS, and macOS operating systems. The company's out-of-band security patches aim to protect users from potential exploitation by malicious actors.

The two vulnerabilities, tracked as CVE-2025-31200 and CVE-2025-31201, have been confirmed as actively exploited in a small number of "extremely sophisticated" attacks against iOS targets. While Apple has not provided technical details about the attacks, their limited, targeted nature suggests that commercial surveillance vendors or a nation-state actor may be behind them.

Apple has released security patches for the following devices:

  • iPhone XS and later
  • iPad Pro 13-inch, iPad Pro 13.9-inch (3rd generation) and later
  • iPad Pro 11-inch (1st generation) and later
  • iPad Air (3rd generation) and later
  • iPad 7th generation and later
  • iPad mini (5th generation) and later

Apple's decision not to share technical details about the attacks may be due to the sensitive nature of the information, which could compromise ongoing investigations or intelligence-gathering efforts.

If you're concerned about the security of your device, we recommend checking for and installing these emergency updates as soon as possible. You can find more information on how to do this in our dedicated guide.
