InfoSecBulletin Cybersecurity for mankind
On Wednesday, Apple released urgent operating system updates to address two security vulnerabilities that had already been exploited in highly sophisticated attacks targeting a few iOS users.
The vulnerabilities CVE-2025-31200 and CVE-2025-31201 allow for code execution and bypass mitigation on Apple’s iOS, iPadOS, and macOS platforms.
South Korea fines Coupang Record $409 mln fine for data leak
ShinyHunters claim stolen data from 100+ org via oracle PeopleSoft servers
Security Update: RoguePlanet, BitLocker Bypass, Chromium Zero-Day, and More Critical Threats Uncovered
73 Microsoft Packages Compromised in Password Stealer Attack
New Windows Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges
Microsoft June Patches 200 Vulnerabilities including 3 zero days
World’s first wind power underwater data center is now live
VMware Fixed Multiple Flaws Allow Attackers to Inject Malicious Scripts
CVE-2026-50751
Check Point VPN 0-day Flaw Exploited in the WildÂ
AI-designed First ‘universal vaccine’ tested in humans
Apple acknowledged a report indicating that both flaws were exploited in targeted attacks on specific iPhones.
Here’s Apple’s description of the software defects:
CoreAudio (CVE-2025-31200) — Processing an audio stream in a malicious media file could lead to code execution. Apple is aware of reports that this vulnerability may have been exploited in a sophisticated attack on specific iOS users. A memory corruption problem was fixed with better bounds checking, as reported by Google’s Threat Analysis Group (TAG).
RPAC (CVE-2025-31201) — An attacker with read and write access could potentially bypass Pointer Authentication. Apple has been informed of a report suggesting this issue may have been exploited in a sophisticated attack targeting specific individuals on iOS. The problem has been fixed by removing the vulnerable code.
Pointer Authentication is a security feature in some ARM architectures that ensures a pointer hasn’t been tampered with through cryptographic methods.
Vulnerabilities on macOS Sequoia have been fixed, but Apple reports that exploitation has been limited to a few iPhones. As usual, Apple did not provide details or IOCs about these exploits.
