Apple and Google Threat Analysis Group discovered two security vulnerabilities impacting iOS devices. Tracked as CVE-2025-31200 and CVE-2025-31201, the vulnerabilities could allow an attacker to execute code.
Apple's security advisory states that the company is aware of a report that the vulnerabilities may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
CISA added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, acknowledging their active exploitation. CISA urges users to patch the vulnerabilities before May 8, 2025.
CVE-2025-31200
The memory corruption flaw exists in the CoreAudio component of iOS. An attacker may exploit the vulnerability by having a device process an audio stream in a maliciously crafted media file, resulting in remote code execution. Apple fixed the vulnerability with improved bounds checking.
CVE-2025-31201
An attacker with arbitrary read and write permissions may exploit the vulnerability to bypass Pointer Authentication. Apple fixed the vulnerability by removing the vulnerable code.
Affected Products and Versions
- macOS Sequoia versions before 15.4.1
- iPhone XS and later
- iPad 7th generation and later
- iPad Air 3rd generation and later
- iPad mini 5th generation and later
- iPad Pro 11-inch 1st generation and later
- iPad Pro 13-inch, iPad Pro 13.9-inch 3rd generation and later
Mitigation
Apple released the following versions to patch the vulnerabilities:
- macOS Sequoia 15.4.1
- iOS 18.4.1 and iPadOS 18.4.1
For more information, please visit the Apple security advisories for macOS Sequoia, iOS, and iPadOS.
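To check an exported device inventory against the fixed releases and the CISA date given above, the following added example (not code from Apple, CISA or Qualys) classifies each host. The CSV layout, host names and status labels are assumptions made for illustration, and the sample rows are constructed.

```python
import csv
import io
import re
from datetime import date

# Fixed releases and the CISA KEV date, as stated in this post.
FIXED = {"macos": (15, 4, 1), "ios": (18, 4, 1), "ipados": (18, 4, 1)}
KEV_DUE = date(2025, 5, 8)

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = """host,platform,version
mbp-014,macOS,15.4
mbp-022,macOS,15.4.1
mbp-031,macOS,14.7.5
iph-107,iOS,18.4.1 (build-id)
ipd-203,iPadOS,18.3.2
iph-110,iOS,18.10
tv-001,tvOS,18.4
"""

def parse_version(text):
    """Turn '18.4.1 (build-id)' into (18, 4, 1); pad '15.4' to (15, 4, 0)."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p or 0) for p in m.groups())

def classify(platform, version):
    """Return 'patched', 'needs_update' or 'out_of_scope' for one device."""
    key = platform.strip().lower()
    fixed = FIXED.get(key)
    if fixed is None:
        return "out_of_scope"  # platform not listed in this post
    have = parse_version(version)
    # The post lists macOS Sequoia (15.x) only; check the advisory for others.
    if key == "macos" and have[0] != 15:
        return "out_of_scope"
    return "patched" if have >= fixed else "needs_update"

def triage(inventory_csv, today):
    """Map host -> status, marking unpatched hosts overdue after KEV_DUE."""
    out = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["platform"], row["version"])
        if status == "needs_update" and today > KEV_DUE:
            status = "needs_update_overdue"
        out[row["host"]] = status
    return out
```

Versions are compared as integer tuples, so `15.4` sorts below `15.4.1` and `18.10` sorts above `18.4.1`, which a plain string comparison would get wrong.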
Qualys Detection
Qualys customers can scan their devices with QIDs 383110 and 610650 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://support.apple.com/en-us/122400
https://support.apple.com/en-us/122282