Apple has distributed an emergency security update across its product lineup. The action came after two zero-day (0-day) vulnerabilities in iOS were confirmed to have possibly been exploited in highly sophisticated attacks targeting specific individuals. One was discovered by a security analysis team under Google, which raises the possibility that state-sponsored actors were involved.
On April 16, 2025 (local time), Apple urgently released software updates including iOS 18.4.1 and macOS Sequoia 15.4.1. Apple's security advisory states the update addresses two zero-day vulnerabilities "suspected of being used in an extremely sophisticated attack." Apple noted the vulnerabilities may have been exploited in targeted attacks against specific individuals, though the attackers and scale of victims remain unidentified.
The update addresses two vulnerabilities. (1) CoreAudio: processing a malicious audio stream can cause memory corruption that enables remote code execution. It was discovered jointly by Apple and Google Threat Analysis Group (TAG) and affects iOS and macOS broadly. (2) RPAC (Pointer Authentication Code): if an attacker gains arbitrary memory access, this security measure can be bypassed to inject malicious code. It was discovered internally by Apple. Both affect iPhone XS and later, the latest iPad series, and Vision Pro.
Google TAG specializes in tracking government-level cyberattacks and has previously tracked sophisticated spyware such as Pegasus, which raises cautious suspicion of government or government-linked cyber organizations. Apple is withholding details about targets and scope, though the "specific targets" language suggests journalists, human rights activists, or senior executives may be at risk.
Recommended countermeasures are to update to iOS 18.4.1 immediately, restrict execution of unknown audio and media files, and limit access permissions for suspicious apps. This incident starkly exposed the limits of Apple's "closed security ecosystem": no ecosystem guarantees absolute safety against advanced targeted attacks.


