Subj : Apple fixes dangerous iOS zero days after threats against targete To : All From : TechnologyDaily Date : Thu Apr 17 2025 15:15:09 Apple fixes dangerous iOS zero days after threats against targeted individuals Date: Thu, 17 Apr 2025 14:02:20 +0000 Description: Security vulnerabilities in iOS were used to hack targeted individuals, Apple says. FULL STORY ======================================================================Two iOS flaws have been patched by Apple The issues could have allowed hackers to carry out targeted attacks Geopolitical tensions have meant a rise in state-sponsored attacks A new iOS software update has been released to patch two security flaws that, when exploited, allowed cybercriminals to hack specific target devices in an extremely sophisticated attack, Apple has confirmed . The vulnerabilities are in CoreAudio and RPAC, and affected iOS, tvOS, visionOS, and iPadOS - and were discovered by Apple and the Google Threat Analysis Group (TAG). Its not yet been confirmed how many times these flaws were deployed, or against whom, but Google TAGs focus is working to counter government-backed hacking and attacks against Google and our users, suggesting the exploits were used by nation-state actors, or at least involved in some way. Monitor your credit score with TransUnion starting at $29.95/month TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnions advanced risk assessment tools. Preferred partner ( What does this mean? ) View Deal Unknown victims Adam Boynton, Senior Security Strategy Manager EMEIA at Jamf, told TechRadar Pro the first vulnerability addressed was an actively exploited CoreMedia flaw that could have allowed malicious code execution through the processing of a media file, and that Apple has mitigated this by implementing improved bounds checking. The second vulnerability fixed by Apple could allow attackers with read or write access to sidestep Pointer Authentication, which, Boynton told us, is a security mechanism designed to resist memory disclosure attacksbypassing it gives an attacker the opportunity to launch attacks and access to parts of the devices memory. With the security fixes in iOS 18.4.1 addressing two zero-day vulnerabilities, it is essential that all users immediately update their Apple devices, Boynton. The fact that these two vulnerabilities are extremely sophisticated to exploit explains why Apple has only observed attacks against specific, targeted individuals. However, the limited scope of these attacks should not deter users from updating their devices promptly. Almost half of UK businesses report an increasing number of state-sponsored threat actors in the last 12 months, and elevated geopolitical tensions make for a hostile cybersecurity landscape. Patching known security flaws is a first line of defence for all users, and should be a priority for all security teams. You might also like Take a look at our picks for the best antirvirus around Why no business is safe from state-sponsored cyber attacks China admits behind closed doors it was involved in Volt Typhoon attacks ====================================================================== Link to news story: https://www.techradar.com/pro/security/apple-fixes-ios-zero-days-after-threats -against-targeted-individuals --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .