🚨 Apple Zero-Day Alert: Audio Bug & PAC Bypass Let Attackers In!

 Executive Summary & Key Takeaways 🔥

This isn’t a drill. We’re breaking down two critical zero-day vulnerabilities tearing through Apple’s ecosystem: CVE-2025-31200, a nasty memory corruption flaw in the CoreAudio framework, and CVE-2025-31201, a Pointer Authentication bypass lurking in the RPAC component. These bugs hit a massive range of Apple gear – iPhones, iPads, Macs running Sequoia, Apple TVs, and even Vision Pro.1

Here’s the kicker: Apple and the US Cybersecurity and Infrastructure Security Agency (CISA) confirm both are being actively exploited “in the wild”.1 These aren’t script kiddie attacks; they’re described as part of “extremely sophisticated” targeted campaigns, mostly hitting iOS users. Think state-sponsored hackers or high-end commercial spyware outfits.2

The potential damage? Severe. Nail CVE-2025-31200, and you get arbitrary code execution just by processing a malicious media file.1 Then, use CVE-2025-31201 to sidestep Pointer Authentication Codes (PAC) – a core hardware security feature in modern Apple chips – after getting initial access. This lets attackers dig deeper and bypass modern defenses.1 It’s a nasty one-two punch.

Because they’re actively exploited, CISA slammed both CVE-2025-31200 and CVE-2025-31201 onto its Known Exploited Vulnerabilities (KEV) list.3 This forces US federal agencies to patch by May 8, 2025, and it’s a massive red flag for everyone to patch immediately.6

Higher education is in the crosshairs. Colleges and universities are swimming in Apple devices (Macs, iPhones, iPads) used by students, faculty, and staff. Mix that with complex, often messy IT setups, rampant Bring Your Own Device (BYOD) policies, and treasure troves of research data and personal info (PII), and you’ve got a perfect storm.8

The fix? Patch. NOW. Apple dropped updates across the board: iOS 18.4.1, iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, and visionOS 2.4.1.4 Organizations, especially universities, need to push these updates to managed devices ASAP and scream from the rooftops for users to patch personal gear. If you’re a high-risk target, flip on Apple’s Lockdown Mode for extra armor.2

 Vulnerability Deep Dive: CVE-2025-31200 & CVE-2025-31201 🔬

: CVE-2025-31200: The Audio Trap (CoreAudio Memory Corruption) 💥

Tech Breakdown:

CVE-2025-31200 lives deep inside Apple’s CoreAudio framework – the standard engine handling sound across all their operating systems.2 The trigger? Getting an app to process an audio stream hidden inside a specially crafted media file.1 Apple’s fix involved “improved bounds checking,” which basically screams it was an out-of-bounds write or read – letting attackers scribble outside the lines in memory.12 This is classic exploit territory for overwriting critical data or hijacking control. Adding to the worry, this bug was unearthed by Apple and Google’s Threat Analysis Group (TAG) – the folks who hunt state-sponsored hackers.2

Potential Fallout:

A successful hit means arbitrary code execution.1 That gives the attacker keys to the kingdom: running commands, installing malware, grabbing data, or potentially full system pwnage, depending on what process they hit.1

CVSS Score & Severity:

This bug scores a 7.5 (High) on the CVSS 3.x scale.13 The vector string CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H tells the story:

• AV:N (Network): Exploit delivered over the network (e.g., downloading a file).
• AC:H (High Complexity): Needs serious effort – crafting the perfect malicious file, maybe dodging other defenses.
• PR:N (No Privileges): Attacker needs zero prior access.
• UI:R (User Interaction Required): The victim must do something, like open the bad file or visit a site that loads it.15
• S:U (Unchanged Scope): Impacts the vulnerable component itself.
• C:H / I:H / A:H (High Impact): Can wreck confidentiality, integrity, and availability. The user interaction part points to phishing emails with the bad file or links to poisoned websites. The high complexity suggests it’s tricky to reliably trigger the bug and get stable code execution.

: CVE-2025-31201: The Defense Breaker (RPAC Pointer Authentication Bypass) 🔓

Tech Breakdown:

CVE-2025-31201 targets the RPAC (Return Pointer Authentication Code) component and messes with Apple’s Pointer Authentication.2 Pointer Authentication Codes (PAC) are a hardware-level shield baked into modern ARM chips, including Apple Silicon (M-series) and recent iPhone/iPad A-series chips.5 PAC cryptographically signs critical pointers (like return addresses) before they hit memory and checks the signature before use. This makes classic memory corruption attacks way harder because attackers need to forge a valid crypto signature.2

Except… this vulnerability lets an attacker who already has arbitrary read/write access on the system bypass PAC.1 It’s not the front door; it’s the crowbar used after breaking in to disable a key alarm. Apple fixed this by ripping out the specific code that allowed the bypass.2 This one was found internally by Apple.4

Potential Fallout:

The main impact? PAC neutralization. By killing this defense, attackers can more easily and reliably weaponize other memory bugs that would otherwise be blocked on modern Apple hardware.1 It removes a massive roadblock to getting stable code execution and full system control after gaining that initial foothold.

CVSS Score & Severity:

CVE-2025-31201 gets a 6.8 (Medium) CVSS 3.x score.13 The vector CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N means:

• AV:N (Network): Exploitable remotely, assuming prior access.
• AC:H (High Complexity): Bypassing PAC likely needs deep system knowledge and precise manipulation.
• PR:L (Low Privileges): Attacker needs some initial access (arbitrary read/write) to use this bypass.19
• UI:N (No User Interaction): No extra user action needed for the bypass itself.
• S:U (Unchanged Scope): Affects the vulnerable component’s scope.
• C:H / I:H / A:N (High Confidentiality/Integrity, No Availability): Bypassing PAC hammers confidentiality and integrity by enabling further attacks, but the bypass itself doesn’t kill availability. Finding and exploiting a PAC bypass is a big deal. It shows sophisticated attackers are digging deep to beat hardware defenses once thought nearly unbeatable. This level of effort screams state-sponsored actors or commercial spyware ops, matching Apple’s “extremely sophisticated” description.2 Worse, successfully bypassing PAC might encourage attackers to hunt for more memory bugs, knowing they have a way past a major hurdle, potentially making all PAC-protected devices riskier.

: Affected Products and Versions 📱💻📺

These aren’t isolated bugs; they hit core components shared across Apple’s entire empire.1 This means patching isn’t simple – it’s a fleet-wide operation. Affected platforms include iOS, iPadOS, macOS Sequoia, tvOS, and visionOS.2

Table: Affected Operating Systems and Required Patch Versions

Operating System	Vulnerable Versions	Patched Version	Source(s)
iOS	Versions prior to 18.4.1	18.4.1	14
iPadOS	Versions prior to 18.4.1	18.4.1	14
macOS Sequoia	Versions prior to 15.4.1	15.4.1	12
tvOS	Versions prior to 18.4.1	18.4.1	14
visionOS	Versions prior to 2.4.1	2.4.1	14

Table data compiled from sources: 4

Table: Specific Affected Apple Device Models

Device Category	Affected Models	Source(s)
iPhone	iPhone XS and later	25
iPad	iPad Pro 13-inch, iPad Pro 12.9-inch (3rd gen+), iPad Pro 11-inch (1st gen+), iPad Air (3rd gen+), iPad (7th gen+), iPad mini (5th gen+)	25
Mac	Macs running macOS Sequoia (prior to 15.4.1)	12
Apple TV	Apple TV HD and Apple TV 4K (all models)	22
Apple Vision Pro	All models running visionOS prior to 2.4.1	23

Table data compiled from sources: 12

The sheer breadth of affected devices shows the danger of shared code in core OS components. One bug triggers a massive, complex patching headache for IT teams managing diverse Apple fleets.

 Scope, Risk Profile, and Exploitability 🌍

: Scope and Prevalence

Because these bugs hit foundational frameworks like CoreAudio and PAC-related components, their reach is vast, covering Apple’s major operating systems.1 We’re talking a potential attack surface spanning hundreds of millions of active Apple devices globally.4

We don’t have exact numbers for vulnerable devices, but market share gives us a clue. In the US, iOS dominates mobile (around 57%), and macOS has a solid chunk of the desktop market (roughly 30%).8 Globally, iOS sits between 18-28%, and macOS between 6-16%.8 Translation: A lot of people and organizations rely on potentially vulnerable Apple gear.

: Attack Scenarios and Vectors 🏹

The likely attack chain uses CVE-2025-31200 for the initial break-in, then CVE-2025-31201 to disable defenses and escalate.

• CVE-2025-31200 Vector: Needs the target device to process a malicious media file with a rigged audio stream.1 This means user interaction: opening the file from an email/message, downloading and playing it, or maybe visiting a malicious website that triggers the bad CoreAudio process.2
• CVE-2025-31201 Vector: This is used after the initial compromise. The attacker needs arbitrary read/write first (likely via CVE-2025-31200).1 Once they have that, they use CVE-2025-31201 to bypass PAC, making the next steps easier.2 The exploitation pattern screams highly targeted campaigns. Apple and others consistently call the attacks “extremely sophisticated” and aimed at “specific targeted individuals,” mainly on iOS.2 This points directly at state-sponsored spies or top-tier commercial spyware vendors hitting high-value targets: journalists, activists, government officials, execs.2 BUT DON’T GET COMPLACENT. Even though the known attacks are targeted, the vulnerability details are now public. Other hackers will try to reverse-engineer patches and build their own exploits. The initial vector for CVE-2025-31200 (malicious media file) is standard phishing fodder, easily adaptable for wider, less targeted attacks later. You can’t assume you’re safe just because the first wave was selective.

: Exploitability and Potential Attack Chain ⛓️

Exploitability is CONFIRMED HIGH. Apple says so, and CISA putting both CVEs on the KEV list seals the deal – these are actively used “in the wild”.1

These two bugs look tailor-made to work together.

1. Attacker uses CVE-2025-31200 (or similar) to get initial code execution and arbitrary read/write.
2. With that foothold, they trigger CVE-2025-31201 to bypass PAC.
3. PAC disabled = easier path to privilege escalation, persistent backdoors, lateral movement (if possible), data theft, or full device takeover.1 As of now, no public Proof-of-Concept (PoC) code or weaponized exploits have surfaced in the materials analyzed. Sophisticated attackers guard their zero-day chains closely to keep them effective and hidden.2 Apple also avoids publishing technical details or Indicators of Compromise (IOCs) that could help the bad guys.2 While the lack of public PoCs might slow down less skilled attackers, it doesn’t change the immediate threat from those already using these exploits. Active exploitation is the reason for URGENT PATCHING.

 Mitigation and Detection Strategies 🛡️

: Official Patches and Updates (The Silver Bullet)

The single most important defense is patching. Apply Apple’s security updates NOW.2 Given the active exploitation, treat this as an emergency, not routine maintenance.4 CISA’s KEV listing and deadlines hammer this home.3

Get devices to these versions or later:

• iOS: 18.4.1 14
• iPadOS: 18.4.1 14
• macOS Sequoia: 15.4.1 12
• tvOS: 18.4.1 14
• visionOS: 2.4.1 14

: Compensating Controls and Best Practices (Layered Defense)

Patching is king, but don’t stop there:

• Solid Vulnerability Management: Have a program that prioritizes risks, especially anything on CISA’s KEV list.3
• Lockdown Mode (High-Risk Users): If you’re a likely target (journalist, activist, exec, official), enable Apple’s Lockdown Mode. It severely restricts features and attack surfaces, potentially blocking sophisticated exploits, but it will impact usability.2
• User Training (Don’t Click That!): Since CVE-2025-31200 needs user interaction, keep training users. Hammer home the danger of opening media files or clicking links from unknown sources. Phishing awareness is crucial.10
• Network Hygiene: Use network segmentation to limit damage if a device gets popped. Embrace Zero Trust principles – trust no one by default based on network location.37
• BYOD Policies: Have clear, enforced rules for personal devices accessing work resources. Mandate minimum OS versions (latest patched!), basic security hygiene, and define acceptable use.11

: Detection Guidance (Finding Needles in Haystacks)

Detecting these specific zero-days is tough without public IOCs or signatures from Apple.5 Focus on behavioral detection:

• Endpoint Detection & Response (EDR/MDR): Use EDR/MDR on Macs. Tune them to spot anomalies:

• Weird processes spawning from media apps (QuickTime, Music, browsers, messengers).
• Suspicious network connections from unexpected apps.
• Attempts to escalate privileges or disable security tools.
• Strange use of built-in system tools (LoLBins).39
• For iOS/iPadOS, use MDM and mobile threat defense tools for monitoring, but visibility is usually less than on macOS.

• Log Analysis (SIEM): Collect and analyze system/app logs. Look for patterns: app crashes, weird CoreAudio errors, or other odd events after media file interactions. SIEMs can help correlate events. The lack of specific IOCs means you must patch proactively and rely on behavioral detection to spot post-compromise activity. Don’t wait for signatures.

 Sector Spotlight: Higher Education (Colleges & Universities) 🎓

: Elevated Risk Factors (Why Universities Are Prime Targets)

Colleges and universities face a perfect storm of risk, and these Apple bugs make it worse:

• Mac & iPhone Mania: Higher ed is drowning in Apple gear. Macs are everywhere for students and faculty 8, often preferred.9 iPhones/iPads are standard personal devices. This creates a massive, concentrated attack surface.
• IT Chaos: University IT is often a sprawling, decentralized mess. Different colleges, departments, labs manage their own stuff with varying security standards.10 Patching consistently across this chaos? Nightmare.38 Add legacy systems, and it’s even uglier.10
• BYOD Nightmare: Bring Your Own Device is the default. Students, faculty, staff connect personal (often unpatched) Apple devices to campus networks constantly.11 IT has little control, creating huge blind spots and entry points.36
• Diverse Users, Diverse Awareness: Huge, transient population (students!) with wildly varying tech skills and security sense.10 Students often pick convenience over security, making them easy marks for phishing the malicious audio file (CVE-2025-31200’s vector).37 High turnover makes consistent training tough.10
• Data Goldmines: Universities hoard sensitive data: student/employee PII, financial records, health info (if linked to medical centers), and priceless research/IP.10 Research data (tech, defense, health) is a top target for state-sponsored spies.11 This makes universities juicy targets for both criminals and nation-states.40
• Tight Budgets: University IT/security teams are often underfunded and understaffed for the massive job they have.10 This hinders buying advanced tools, proactive threat hunting, and slows down patching and response.40 The Brutal Truth for Higher Ed: High Apple density + uncontrolled BYOD + complex/decentralized networks + limited resources = patching these zero-days quickly and fully is exceptionally hard. Compared to a controlled corporate environment, universities likely have a much longer exposure window where vulnerable devices roam their networks. This massively increases the real-world risk from these actively exploited bugs in the academic world.

: Tailored Recommendations for Higher Education (Your Battle Plan)

Tackling this in a university requires a specific strategy:

1. Aggressive Patching (Managed Devices): Use your MDM (like Jamf 9) to force macOS Sequoia 15.4.1, iOS 18.4.1, and iPadOS 18.4.1 onto all university-owned/managed Apple devices. Track compliance like a hawk.
2. Urgent BYOD Communication Blitz: Launch immediate, clear, loud campaigns targeting everyone (students, faculty, staff). Stress the critical threat (“actively exploited,” “malicious audio files”) and the need to update personal iPhones, iPads, Macs NOW. Give simple instructions/links.27 Use every channel: email, portals, social media, digital signs.
3. Boost Network Visibility/Control: Get better tools to see what’s connecting. Use Network Access Control (NAC) to profile devices, spot old OS versions, and maybe quarantine non-compliant devices, especially those hitting sensitive systems.
4. Review/Enforce BYOD Baselines: Set (or update) minimum security standards for personal devices accessing university networks/data (e.g., require latest OS patch). Try to enforce this via NAC or conditional access linked to MDM if possible.11
5. Strengthen Network Segmentation: Seriously review and beef up network segmentation. Isolate high-risk zones (dorms, general Wi-Fi) from critical admin systems, research data, payment networks. Use stricter firewall rules based on Zero Trust.37
6. Targeted Awareness Training: Go beyond generic training. Warn specifically about this threat (malicious media files via email/web/messaging). Reinforce phishing/social engineering warnings. Tailor it – researchers need different advice than undergrads.10
7. Maximize EDR: Ensure EDR is on all manageable endpoints (esp. university Macs) and tuned for behavioral detection. Look into mobile threat defense integration with MDM for better mobile visibility.
8. Incident Response Prep: Update IR plans for scenarios involving widespread Apple device compromise (institutional and BYOD). Ensure plans cover data breach notifications (FERPA, GLBA, HIPAA, state laws).11
9. Advise High-Risk Folks on Lockdown Mode: Identify potential high-profile targets (key researchers, senior admins, activists) and tell them about Apple’s Lockdown Mode – explain the pros (blocks advanced attacks) and cons (usability impact).2

 Urgency Assessment and Conclusion 🚨

: Active Exploitation and CISA KEV Status = MAXIMUM URGENCY

The need to fix CVE-2025-31200 and CVE-2025-31201 is off the charts. Apple confirming “extremely sophisticated attacks” 2 and CISA adding them to the KEV catalog 3 leaves zero doubt. These aren’t theoretical – attackers are using them right now.

Being on the KEV list means proven, significant risk.3 CISA’s May 8, 2025 patch deadline for feds is a clear signal for how fast everyone should move.6

: Patch Adoption Hurdles (The Reality Check)

Immediate patching is the goal, but getting it done quickly and everywhere is tough, especially in large, diverse environments. This is doubly true for universities due to BYOD chaos, decentralized IT, and tight budgets.10

The gap between patch release and widespread adoption is prime hunting season for attackers. They know patches are out and will race to hit vulnerable systems before they’re fixed. For active exploits like these, shrinking that window is critical. The inherent difficulty of fast, universal patching in universities likely means this window stays open longer, leaving the sector dangerously exposed.

: Final Recommendations Summary (Your To-Do List NOW)

Organizations, especially higher education, must act decisively and immediately:

• PATCH IMMEDIATELY: Fast-track deployment of Apple’s updates (iOS/iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1) to all managed devices.
• URGENT USER WARNING: Tell everyone (students, faculty, staff) loud and clear: update personal Apple devices NOW. Explain the malicious media file risk.
• ENHANCE VISIBILITY/CONTROL: Improve network/endpoint visibility to find vulnerable Apple gear. Enforce policies via MDM/NAC where possible, especially for BYOD hitting sensitive data.
• BOLSTER DEFENSES: Strengthen network segmentation. Ensure EDR is looking for suspicious behavior.
• REINFORCE AWARENESS: Run targeted campaigns on the specific threat vector (malicious media files) and general phishing defense.
• TACKLE HIGHER ED CHALLENGES: Acknowledge the BYOD/decentralization pain points. Tailor patching, communication, and risk mitigation using the sector-specific advice above. Doing nothing is rolling out the welcome mat for attackers exploiting these known, active vulnerabilities.

Works cited

1. CISA Warns of Multiple Apple 0-day Vulnerabilities Actively …, accessed April 19, 2025, https://cybersecuritynews.com/apple-0-day-vulnerabilities-exploited/
2. Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) – Help Net Security, accessed April 19, 2025, https://www.helpnetsecurity.com/2025/04/17/apple-plugs-zero-days-holes-used-in-targeted-iphone-attacks-cve-2025-31200-cve-2025-31201/
3. CISA Adds Three Known Exploited Vulnerabilities to Catalog, accessed April 19, 2025, https://www.cisa.gov/news-events/alerts/2025/04/17/cisa-adds-three-known-exploited-vulnerabilities-catalog
4. Apple fixes two zero-days exploited in targeted iPhone attacks – Bleeping Computer, accessed April 19, 2025, https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-exploited-in-targeted-iphone-attacks/
5. Apple Quashes Two Zero-Days With iOS, MacOS Patches – SecurityWeek, accessed April 19, 2025, https://www.securityweek.com/apple-pushes-ios-macos-patches-to-quash-two-zero-days/
6. CISA Issues Alert on Actively Exploited Apple 0-Day Vulnerabilities – GBHackers, accessed April 19, 2025, https://gbhackers.com/cisa-issues-alert-on-apple-0-day-vulnerabilities/
7. Known Exploited Vulnerabilities Catalog | CISA, accessed April 19, 2025, https://www.cisa.gov/known-exploited-vulnerabilities-catalog?f%5B0%5D=vendor_project%3A795&f%5B1%5D=vendor_project%3A796&f%5B2%5D=vendor_project%3A801&f%5B3%5D=vendor_project%3A802&f%5B4%5D=vendor_project%3A816&f%5B5%5D=vendor_project%3A820&f%5B6%5D=vendor_project%3A823&f%5B7%5D=vendor_project%3A837&f%5B8%5D=vendor_project%3A842&f%5B9%5D=vendor_project%3A845&f%5B10%5D=vendor_project%3A846&f%5B11%5D=vendor_project%3A851&f%5B12%5D=vendor_project%3A854&f%5B13%5D=vendor_project%3A861&f%5B14%5D=vendor_project%3A866&f%5B15%5D=vendor_project%3A877&f%5B16%5D=vendor_project%3A886&f%5B17%5D=vendor_project%3A892&f%5B18%5D=vendor_project%3A893&f%5B19%5D=vendor_project%3A896&f%5B20%5D=vendor_project%3A900&f%5B21%5D=vendor_project%3A904&f%5B22%5D=vendor_project%3A910&f%5B23%5D=vendor_project%3A917&f%5B24%5D=vendor_project%3A931&f%5B25%5D=vendor_project%3A938&f%5B26%5D=vendor_project%3A940&page=0
8. How Many People Use MacOS? [Important MacOS Stats For 2024] – Spyhunter, accessed April 19, 2025, https://www.spyhunter.com/shm/macos-stats/
9. New Research Finds 71% of Students in Higher Education Today Use, or Would Prefer to Use, Mac | Jamf, accessed April 19, 2025, https://www.jamf.com/resources/press-releases/new-research-finds-71-of-students-in-higher-education-today-use-or-would-prefer-to-use-mac/
10. Why Are Cyberattacks Rising in Higher Education? – Brilliance Security Magazine, accessed April 19, 2025, https://brilliancesecuritymagazine.com/cybersecurity/why-are-cyberattacks-rising-in-higher-education/
11. Cybersecurity challenges in education – Prey, accessed April 19, 2025, https://preyproject.com/blog/cybersecurity-challenges-in-education
12. About the security content of macOS Sequoia 15.4.1 – Apple Support, accessed April 19, 2025, https://support.apple.com/en-us/122400
13. Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks, accessed April 19, 2025, https://thehackernews.com/2025/04/apple-patches-two-actively-exploited.html
14. CVE-2025-31200 – Mitre, accessed April 19, 2025, https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-31200
15. CVE-2025-31200 | Tenable®, accessed April 19, 2025, https://www.tenable.com/cve/CVE-2025-31200
16. Apple Patches Two Zero-Day Security Vulnerabilities in iOS 18.4.1 Update – Mobile ID World, accessed April 19, 2025, https://mobileidworld.com/apple-patches-two-zero-day-security-vulnerabilities-in-ios-18-4-1-update/
17. CVE-2025-31201 – Mitre, accessed April 19, 2025, https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-31201
18. Apple Patches iPhone Bug Involving Malicious Media Files – PCMag, accessed April 19, 2025, https://www.pcmag.com/news/apple-patches-iphone-bug-involving-malicious-media-files
19. CVE-2025-31201 – Tenable, accessed April 19, 2025, https://www.tenable.com/cve/CVE-2025-31201
20. CVE-2025-31201 Detail – NVD, accessed April 19, 2025, https://nvd.nist.gov/vuln/detail/CVE-2025-31201
21. Apple security advisory (AV25-218), accessed April 19, 2025, https://www.cyber.gc.ca/en/alerts-advisories/apple-security-advisory-av25-218
22. About the security content of tvOS 18.4.1 – Apple Support, accessed April 19, 2025, https://support.apple.com/en-us/122401
23. About the security content of visionOS 2.4.1 – Apple Support, accessed April 19, 2025, https://support.apple.com/en-us/122402
24. CVE Record: CVE-2025-31200, accessed April 19, 2025, https://www.cve.org/CVERecord?id=CVE-2025-31200
25. About the security content of iOS 18.4.1 and iPadOS 18.4.1 – Apple …, accessed April 19, 2025, https://support.apple.com/en-us/122282
26. Apple Fixes Two Zero-Day Flaws; Check Which Models Need Software Updates, accessed April 19, 2025, https://www.ndtvprofit.com/technology/apple-fixes-two-zero-day-flaws-check-which-models-need-software-updates
27. Apple urges iPhone users to update to iOS 18.4.1 amid security threat – VietNamNet, accessed April 19, 2025, https://vietnamnet.vn/en/apple-urges-iphone-users-to-update-to-ios-18-4-1-amid-security-threat-2392223.html
28. CVE-2025-31200 Detail – NVD, accessed April 19, 2025, https://nvd.nist.gov/vuln/detail/CVE-2025-31200
29. Apple’s Critical Zero-Day Vulnerabilities: What Your Houston Business Needs to Know, accessed April 19, 2025, https://cinchops.com/apples-critical-zero-day-vulnerabilitie/
30. Apple Fixes Two Zero-Day iPhone Vulnerabilities Exploited in Targeted Attacks, accessed April 19, 2025, https://hackrange.com/blog/04/CVE-2025-31200_CVE-2025-31201_critical_apple_zero-days_remediated_by_apple.html
31. Urgent: macOS Sequoia 15.4.1, iOS 18.4.1 address 2 zero-day vulnerabilities – The Mac Security Blog – Intego, accessed April 19, 2025, https://www.intego.com/mac-security-blog/urgent-macos-sequoia-15-4-1-ios-18-4-1-address-2-zero-day-vulnerabilities/
32. Mobile Operating System Market Share United States Of America | Statcounter Global Stats, accessed April 19, 2025, https://gs.statcounter.com/os-market-share/mobile/united-states-of-america
33. Usage share of operating systems – Wikipedia, accessed April 19, 2025, https://en.wikipedia.org/wiki/Usage_share_of_operating_systems
34. cybersecurity — Latest News, Reports & Analysis | The Hacker News, accessed April 19, 2025, https://thehackernews.com/search/label/cybersecurity?updated-max=2025-04-17T14:27:00%2B05:30&max-results=20&start=11&by-date=false&m=1
35. Feed aggregator – Information Security – Cal Poly, San Luis Obispo, accessed April 19, 2025, https://security.calpoly.edu/aggregator
36. BYOD Security Risks and the Implications for Organizations – American Public University, accessed April 19, 2025, https://www.apu.apus.edu/area-of-study/information-technology/resources/byod-security-risks-and-the-implications-for-organizations/
37. What are the biggest challenges that universities cybersecurity face? – Reddit, accessed April 19, 2025, https://www.reddit.com/r/cybersecurity/comments/1en5kr5/what_are_the_biggest_challenges_that_universities/
38. Defending Education: Top Cyber Security Challenges in Higher Education – CyberLab, accessed April 19, 2025, https://cyberlab.co.uk/2024/10/23/defending-education-cyber-challenges/
39. Top-targeted vulnerabilities & Email threats – Cisco Talos Blog, accessed April 19, 2025, https://blog.talosintelligence.com/content/files/2025/04/2024YiR-Vulns-Email-Tools.pdf
40. The State of Higher Education Cybersecurity: Top Insights and Trends, accessed April 19, 2025, https://www.bitlyft.com/resources/the-state-of-higher-education-cybersecurity-insights-trends
41. The Cybersecurity Dark Threat Facing Universities – Hyperproof, accessed April 19, 2025, https://hyperproof.io/resource/cybersecurity-threat-facing-universities/
42. Cyber Security: Higher Education’s Highest Risk – AppsAnywhere, accessed April 19, 2025, https://www.appsanywhere.com/resource-centre/cyber-security-higher-education-s-highest-risk

Told you it was deep.