a day agoApple tells millions of iPhone users to update their equipment after “extremely sophisticated attack”
Periskopi(a year ago)
(a year ago)Apple users are required to update their equipment, as the company was hit by an extremely sophisticated “attack”. The technology giant said revenge was used against specifically targeted individuals, but did not share further details, report Dailymail.co.uk, broadcast Periscope. Instead, it is asking millions of users of [...]
The technology giant said revenge was used against specifically targeted individuals, but did not share further details, reporton Dailymail.co.uk, broadcast Periscope.
Instead, it is urging millions of iPhone, iPad, Mac, and other iOS users to download a new security arrangement that regulates the defect.
For iPhone users and iPads with automatic updates activated, the patch must already be installed.
All the others will have to access their appointments and download arrangements to iOS 18.4.1 and iPadOS 18.4.1.
The list of influenced equipment includes older and younger models: iPhone XS and later iPad Pro 13 inches, iPad Pro 13.9 inches of the third generation and later, iPad Pro 11 inches of the first generation and later, iPad Air of generation 3 and later, iPad of the 7th and later, and iPad mini of the 5th generation and later the MacOS Sequoia (Apple TV Sequoia).
The potential for a devastating cyberattack stemmed from two defects discovered by Apple and the Google Threat Analysis Team.
They are called zero-day weaknesses, which are fully unknown software weaknesses for the vendor who creates the program, which means that there is no map that corrects the flaw when first discovered and hackers are able to exploit them.
In this case, the zero days influenced the CoreAudio software and Point Authentication <x0th) of the iPhone, allowing hackers to access a phone through vulnerable software.
In particular, Apple and Google found a zero-day defect in CoreAudio called CVE-2025-31,200.
CoreAudio is a low-level program in Apple operating systems (iOS, iPadOS, macOS, tvOS and watchOS) designed to handle processing, reproduction, and audio registration.
It also provides developers with tools to manage audio data effectively, and to interact with the audio hardware.
The fault could have been used by processing an audio broadcast using a badly created file that would execute a remote code on equipment.
Simply put, the remote code allowed a hacker to send a bad audio file (like a false MP3) to Apple devices, and when your phone or computer tries to play or open it, the file cheats the system to execute the hacker's secret instructions.
These instructions act like a computer virus, letting the hacker take over the iPhone and steal your information.
The second zero day fault, CVE-2025-31201, was found in a programme called RPAC, allowing the assailants to create their bypass codes to avoid Point Authentication (PAC) an iOS security feature that protects from memory weaknesses.
Without new security updates, hackers can access the bad code to an iPhone, iPad, or Mac via PACE.
If someone with access to your device's memory (such as through a shadowy app or another revenge) used this flaw, it could deceive the system to execute its harmful code.
This could also allow them to take over the equipment, steal photos or passwords, or completely damage the phone.
BleepingComputer noted that five zero day weaknesses have now been discovered in 2025.
All of them were arranged as soon as users downloaded the latest security updates from Apple.
Cyber security experts told DailyMail that one of the best things an iPhone user can do to protect himself from hackers is to update their device software regularly.
That means checking the phone update screen for the latest available access, or changing the device's definitions to automatically install these when Apple releases them. /Periscope/
