In this episode, we break down Apple’s massive May 2025 security update blitz—a sweeping patch release that spanned iOS, macOS, iPadOS, tvOS, visionOS, and watchOS. The urgency? Two zero-day vulnerabilities, CVE-2025-31200 (Core Audio) and CVE-2025-31201 (Core Media), were already under active exploitation in what experts are calling “extremely sophisticated, targeted attacks.”

We’ll dig into the technical details of these zero-days, explore who might be behind the attacks, and explain how they allowed malicious audio and media files to potentially execute arbitrary code on unpatched Apple devices.

Beyond the zero-days, Apple’s updates patched over 30 serious vulnerabilities affecting components such as WebKit, CoreGraphics, AirDrop, and the Kernel. We’ll also examine new revelations:

• A side-channel attack dubbed SysBumps that bypasses kernel-level protections on Apple Silicon Macs
• Security enhancements in the Notes app aimed at preventing unauthorized access
• And the first-ever security update for Apple’s C1 modem—a possible sign of increasing focus on baseband-level threats.

We also spotlight the researchers and red teams from around the world—including India, Korea, and China—whose findings were acknowledged in Apple’s advisories.

If you're an Apple user, security analyst, or IT admin, this is a critical episode: we’ll tell you what’s been patched, what’s still concerning, and what you should do next.