CVE-2025-31201 vulnerability in Apple Products
Published on April 16, 2025
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Known Exploited Vulnerability
This Apple Multiple Products Arbitrary Read and Write Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.
The following remediation steps are recommended / required by May 8, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
Products Associated with CVE-2025-31201
You can be notified by stack.watch whenever vulnerabilities like CVE-2025-31201 are published in these products:
What versions are vulnerable to CVE-2025-31201?
-
Apple macOS
Fixed in Version 15.4.1
-
Apple tvOS
Fixed in Version 18.4.1
-
Apple visionOS
Fixed in Version 2.4.1
-
Apple iPadOS
Fixed in Version 18.4.1
-
Apple Iphone Os
Fixed in Version 18.4.1