MS-ISAC has released a cybersecurity advisory regarding multiple critical vulnerabilities in Apple products, warning that the most severe could allow for arbitrary code execution. These vulnerabilities affect versions of iOS, iPadOS, macOS Sequoia, tvOS, and visionOS prior to their respective 18.4.1 and 15.4.1 updates. If exploited, attackers could execute code in the context of the logged-in user—potentially installing programs, accessing or modifying data, or creating new accounts with elevated privileges. Apple has confirmed that at least two of these vulnerabilities (CVE-2025-31200 and CVE-2025-31201) were exploited in highly sophisticated, targeted attacks against individuals on iOS.
The risk level is high for large and medium government and business entities, moderate for smaller organizations, and low for home users. MS-ISAC strongly recommends immediate action, including applying Apple’s latest patches after appropriate testing, enforcing the principle of least privilege, restricting web-based content, and enabling anti-exploitation features such as System Integrity Protection and Gatekeeper. Additional steps include blocking unauthorized scripts and applications, deploying endpoint protection tools, and maintaining a robust vulnerability management and penetration testing program. Prompt mitigation is critical to protect systems from active and potential threats. For more information, refer to the Apple Security Update and MS-ISAC advisory.
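The patch and hardening recommendations above can be checked on a single Mac with a short script. This is an added example, not part of the MS-ISAC or Apple advisory: it compares the running macOS Sequoia version with the 15.4.1 fix level and reads the System Integrity Protection and Gatekeeper state. The function names are hypothetical, and the matched strings assume the usual output of `csrutil status` and `spctl --status`.

```sh
#!/bin/sh
# Added example: audit one Mac against the advisory's fixed version and mitigations.
FIXED_MACOS="15.4.1"   # fixed macOS Sequoia version named in the advisory

# Return 0 if dotted version $1 is lower than $2 (missing fields count as 0).
version_lt() {
  vl_a=$1; vl_b=$2
  for vl_i in 1 2 3; do
    vl_x=${vl_a%%.*}; vl_y=${vl_b%%.*}
    [ "${vl_x:-0}" -lt "${vl_y:-0}" ] && return 0
    [ "${vl_x:-0}" -gt "${vl_y:-0}" ] && return 1
    # Drop the field just compared; pad with 0 when none are left.
    case $vl_a in *.*) vl_a=${vl_a#*.} ;; *) vl_a=0 ;; esac
    case $vl_b in *.*) vl_b=${vl_b#*.} ;; *) vl_b=0 ;; esac
  done
  return 1
}

# Only the Sequoia (15.x) line is judged against 15.4.1; other major
# releases are reported as out of scope rather than guessed at.
classify_macos() {
  case $1 in
    15|15.*)
      if version_lt "$1" "$FIXED_MACOS"; then echo "needs-update"; else echo "patched"; fi ;;
    *) echo "out-of-scope" ;;
  esac
}

# Parse tool output passed in as text, so the checks can be tested off-host.
sip_enabled() { case $1 in *"status: enabled"*) return 0 ;; *) return 1 ;; esac; }
gatekeeper_enabled() { case $1 in *"assessments enabled"*) return 0 ;; *) return 1 ;; esac; }

audit_host() {
  ver=$(sw_vers -productVersion)
  echo "macOS $ver: $(classify_macos "$ver")"
  sip_enabled "$(csrutil status 2>&1)" && echo "SIP: enabled" || echo "SIP: NOT enabled"
  gatekeeper_enabled "$(spctl --status 2>&1)" && echo "Gatekeeper: enabled" || echo "Gatekeeper: NOT enabled"
}

# Run the live audit only on macOS; elsewhere the functions are just defined.
if [ "$(uname -s)" = "Darwin" ]; then audit_host; fi
```

A SIP state other than plain "enabled", such as a custom configuration, is reported as not enabled so that it gets reviewed.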