When Should We Call You?

Edit Template

Multiple Vulnerabilities in Apple Products

Spread the love

Classification:

Impact: Loss of confidentiality, integrity, availability
Exploit: Unknown exploit
Solution: Update

Affected Systems:

iOS versions prior to 18.4.1
iPadOS versions prior to 18.4.1
macOS Sequoia versions prior to 15.4.1
tvOS versions prior to 18.4.1
visionOS versions prior to 2.4.1
Visions OS before 2.4.1
Vision Pro
Apple TV HD/4K
iPad mini 5th/Pro 11-inch/Pro 13-inch/Pro 13.9-inch 3rd gen

Risks:

Compromise of data confidentiality
Bypass of security policies
Denial of service
Privilege escalation

Conclusion:

Recently, multiple vulnerabilities were discovered in Apple products. The exploitation of these vulnerabilities is as follows:

CVE-2025-31200

The vulnerability CVE-2025-31200 is a memory corruption flaw in Apple’s Core Audio framework. This vulnerability allows code execution when processing a malicious audio stream in a media file. It has been patched in the following versions: tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1, iPadOS 18.4.1, and macOS Sequoia 15.4.1. Apple has acknowledged reports indicating that this flaw has been exploited in highly sophisticated attacks targeting specific individuals.

CVE-2025-31201

The vulnerability CVE-2025-31201 affects Apple’s RPAC component. An attacker with arbitrary read and write capabilities could bypass pointer authentication. This flaw was fixed by removing the vulnerable code section in the same software versions as CVE-2025-31200. Like CVE-2025-31200, this vulnerability has also been exploited in sophisticated attacks.

These two vulnerabilities highlight the importance of keeping systems updated to protect against security risks. Users are strongly encouraged to update their devices to the latest available versions to safeguard against these flaws.

Note: Apple confirms that both vulnerabilities referenced under CVE-2025-31200 and CVE-2025-31201 are being actively exploited.

References: