Apple today released visionOS 2.4.1, a minor but important update to the visionOS 2 operating system for the Apple Vision Pro. Users should install the update as soon as possible, as the update includes fixes for security holes that have already been exploited.
The visionOS 2.4 update can be installed by opening the Settings app on the Vision Pro and going to the “General” section and selecting “Software Update.” To install the update, the Vision Pro headset will need to be removed to install new software, and a progress bar will be shown on the front EyeSight display.
According to Apple’s release notes, visionOS 2.4.1 includes bug fixes and security updates, and the software is recommended for all users.
The update also includes fixes for security flaws that have been exploited in the wild.
CoreAudio
Available for: Apple Vision Pro
Impact: Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Description: A memory corruption issue was addressed with improved bounds checking.
CVE-2025-31200: Apple and Google Threat Analysis Group
RPAC
Available for: Apple Vision Pro
Impact: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-31201: Apple
More information on visionOS 2 is available here.
