AI description
CVE-2025-31200 is a memory corruption vulnerability that exists in Apple's CoreAudio framework. This vulnerability can be triggered when processing an audio stream within a maliciously crafted media file. Successful exploitation of this vulnerability could allow for arbitrary code execution on the affected device. Apple has addressed this issue with improved bounds checking in tvOS 18.4.1, visionOS 2.4.1, iOS and iPadOS 18.4.1, and macOS Sequoia 15.4.1. It was reported that this vulnerability may have been exploited in targeted attacks against specific individuals.
- Description
- A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
- Source
- product-security@apple.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 5.9
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Apple Multiple Products Memory Corruption Vulnerability
- Exploit added on
- Apr 17, 2025
- Exploit action due
- May 8, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- nvd@nist.gov
- CWE-787
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
7
🚨 ¡Alerta de Ciberseguridad! 🍎 CISA advierte sobre vulnerabilidades 0-day de Apple (CVE-2025-31200 & CVE-2025-31201) ¡Explotadas activamente! 😱🎧✍️ 🛡️ Acción urgente: ¡Aplica mitigaciones de Apple YA! 🛠️ Empresas: Cumplan BOD 22-01. ☁️ Si no hay fix, ¡suspender uso!
@JonathanGPLD
19 Apr 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Apple patched two zero-day flaws (CVE-2025-31200, CVE-2025-31201) actively exploited in targeted iPhone attacks. The bugs affect iOS, macOS, tvOS, iPadOS, and visionOS. Update to iOS 18.4.1, macOS Sequoia 15.4.1, etc., ASAP. Impacts many devices. https://t.co/KMaH0oQkyn
@Jfreeg_
18 Apr 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
اپل آپدیت اورژانسی برای 0day CVE-2025-31200 CVE-2025-31201 داده، هر وسیلهای از اپل داری آپدیت کن
@Teeegra
18 Apr 2025
918 Impressions
2 Retweets
17 Likes
1 Bookmark
1 Reply
0 Quotes
#BUGBOARD news is back!🔍 Apple released updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address 2 actively exploited vulnerabilities: a Core Audio flaw (CVE-2025-31200, CVSS 7.5) and a RPAC issue (CVE-2025-31201, CVSS 6.8). Link-https://t.co/WAKURlN4Hw #Apple #news
@bugbreport
18 Apr 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1. Apple Cihazlarında İki Zero Day Açığı (CVE-2025-31200 & CVE-2025-31201) Apple, iOS, macOS, iPadOS ve tvOS platformlarını etkileyen iki zero day açığını kapatmak için acil güvenlik güncellemeleri yayınladı.BleepingComputer+1Intego+1 CVE-2025-31200 (CoreAudio): Kötü amaçlı
@MuratDemirtas
18 Apr 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1. Apple Cihazlarında İki Sıfır Gün Açığı (CVE-2025-31200 & CVE-2025-31201) Apple, iOS, macOS, iPadOS ve tvOS platformlarını etkileyen iki sıfır gün açığını kapatmak için acil güvenlik güncellemeleri yayınladı.BleepingComputer+1Intego+1 CVE-2025-31200 (CoreAudio): Kötü amaç
@MuratDemirtas
18 Apr 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple Emergency Fixes: iOS/macOS Under Attack Apple patches 2 zero-days (CVE-2025-31200 & 31201) exploited in targeted attacks. Update now if you’re on iPhone XS, iPads, or macOS! https://t.co/xojqOUcs90 #Apple #ZeroDay #CyberSecurity
@dCypherIO
17 Apr 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-31200 🔴 HIGH (7.5) 🏢 Apple - visionOS 🏗️ unspecified 🔗 https://t.co/qM4om5Z5EZ 🔗 https://t.co/W7pkmfRwVl 🔗 https://t.co/Iv4sI0u3bU 🔗 https://t.co/hm8kBF9pP6 #CyberCron #VulnAlert #InfoSec https://t.co/Az431aNcdl
@cybercronai
17 Apr 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-31200
@transilienceai
17 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Apple рассказала об уязвимостях, закрытых в iOS/iPadOS 18.4.1 • CoreAudio (CVE-2025-31200): Обработка аудиопотока в вредоносном медиафайле могла привести к выполнению неизвестного кода. Apple известно о том, что эта уязвимость была использована в атаке на конкретных лиц https:/
@aaplpro
17 Apr 2025
659 Impressions
0 Retweets
6 Likes
2 Bookmarks
1 Reply
0 Quotes
Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) https://t.co/Fe3PQzoLxh #cybersecurity #cybernews https://t.co/prmWeYLH1f
@jawconsultinguk
17 Apr 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple has released a new round of security updates after discovering two zero-day vulnerabilities (CVE-2025-31200 and CVE-2025-31201) that were exploited in what’s been described as an "extremely sophisticated attack" targeting specific iPhones. #CyberThreatAlert https://t.co/
@DynaRisk
17 Apr 2025
41 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 CyberAlerts adds two Apple iOS Known Exploited Vulnerabilities (KEV) to their database not yet in CISA KEV - CVE-2025-31200 - CVE-2025-31201 Update to tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1 https://t.co/OAMPcMw82Q
@ethicalhack3r
17 Apr 2025
56 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 2 Apple iOS Zero-Day Vulnerabilities Exploited in Sophisticated Attacks Read more: https://t.co/4FkIDRC2AR 📌 The first vulnerability tracked as CVE-2025-31200 resides in CoreAudio, a framework responsible for audio processing on iOS and iPadOS devices. #cybersecurity #iOS
@gbhackers_news
17 Apr 2025
45 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 2 Apple iOS Zero-Day Vulnerabilities Exploited in Sophisticated Attacks Read more: https://t.co/xpfkWLHCaR 📌 The first vulnerability tracked as CVE-2025-31200 resides in CoreAudio, a framework responsible for audio processing on iOS and iPadOS devices. 📌 The second https
@The_Cyber_News
17 Apr 2025
588 Impressions
5 Retweets
11 Likes
3 Bookmarks
0 Replies
0 Quotes
📌 أصدرت شركة آبل تحديثات أمنية لأنظمة iOS وiPadOS وmacOS وtvOS وvisionOS لمعالجة ثغرتين أمنيتيتن تم الاستغلال الفعلي لهما. تشمل الثغرات المعنية CVE-2025-31200، والتي تتعلق بخلل في الذاكرة داخل إطار العمل Core Audio، مما يتيح تنفيذ التعليمات البرمجية أثناء معالجة الصوت. #الامن…
@Cybercachear
17 Apr 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
iOS18.4.1きてた🍎 CVE-2025-31200 CVE-2025-31201 セキュリティアップデートは早めにあてるか。 iOS18.5でマインナンバー対応のはず! https://t.co/c2PQAadD80
@yama_zaru0102
17 Apr 2025
732 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Apple、iOSおよびMacOSのパッチで2つのゼロデイ脆弱性を修正(CVE-2025-31200、CVE-2025-31201) https://t.co/WzbNtwtgiR #Security #セキュリティ #ニュース
@SecureShield_
17 Apr 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple issued emergency updates for two critical zero-day vulnerabilities (CVE-2025-31200 and CVE-2025-31201) affecting multiple platforms. Users, including iPhone XS and later, should update promptly. #security #apple https://t.co/5008HF78E2
@Strivehawk
17 Apr 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Appleは、iOS、macOS、iPadOS、tvOS、visionOSにわたる緊急セキュリティアップデートを公開し、2件のゼロデイ脆弱性(CVE-2025-31200およびCVE-2025-31201)に対応した。 これらは高度に洗練された攻撃で悪用され、特定のiPhoneユーザーが標的となったとされる。
@yousukezan
16 Apr 2025
2173 Impressions
3 Retweets
12 Likes
6 Bookmarks
0 Replies
0 Quotes
Appleが緊急セキュリティ更新を配信。iPhoneへの標的型攻撃で使用されたゼロデイ脆弱性2件への対応。CoreAudioにおける遠隔コード実行CVE-2025-31200とRPACにおけるポインタ認証(PAC)迂回CVE-2025-31201。攻撃の詳細は明らかにされず。Appleのゼロデイ修正は今年5件目。 https://t.co/JPHfwHMojQ
@__kokumoto
16 Apr 2025
2690 Impressions
14 Retweets
31 Likes
9 Bookmarks
0 Replies
0 Quotes
Urgent Apple Security Patch: Zero-Day Exploits Target iPhones #Apple releases urgent patches for zero-day flaws (CVE-2025-31200, CVE-2025-31201) targeting #iPhones. Update now to protect your devices from sophisticated attacks. https://t.co/HobY7psIbi
@the_yellow_fall
16 Apr 2025
326 Impressions
2 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
Apple has released urgent updates to fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) affecting iPhones and other devices. Immediate updates are advised. 📱🔒 #AppleSecurity #iOSUpdates #USA link: https://t.co/Ri3MuLuEK3 https://t.co/hS6WHkx5DI
@TweetThreatNews
16 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple just dropped a bombshell! Within the last hour, they rolled out emergency security updates to fix two zero-day vulnerabilities—CVE-2025-31200 and CVE-2025-31201—that hackers were actively exploiting in what Apple’s calling an “extremely sophisticated attack” on specific htt
@LaszloRealtor
16 Apr 2025
66 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
woah... [CVE-2025-31200(CoreAudio) & CVE-2025-31201( bypass PAC) exploited ITW https://t.co/JNv60IYjDm https://t.co/NxCVsmkZRs
@xvonfers
16 Apr 2025
2892 Impressions
4 Retweets
49 Likes
20 Bookmarks
0 Replies
0 Quotes
📣 EMERGENCY UPDATES 📣 Apple pushed updates for 2 new zero-days that may have been actively exploited. 🐛 CVE-2025-31200 (CoreAudio), 🐛 CVE-2025-31201 (RPAC): - iOS iOS 18.4.1 and iPadOS 18.4.1 - macOS Sequoia 15.4.1 - tvOS 18.4.1 - visionOS 2.4.1
@ApplSec
16 Apr 2025
915 Impressions
2 Retweets
11 Likes
2 Bookmarks
0 Replies
1 Quote
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F73061A-3EA8-4A3A-9192-02C11B8A4943",
"versionEndExcluding": "15.4.1"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A24DBFEA-B927-44AA-82F3-C9A385B6F426",
"versionEndExcluding": "18.4.1"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "925616D6-4CD8-4999-ABA7-57810D148EEF",
"versionEndExcluding": "2.4.1"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F16CA380-BCA8-4704-A2DF-8DEFB6C74304",
"versionEndExcluding": "18.4.1"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F3509987-8BCC-4735-B3A0-CB8821F015C4",
"versionEndExcluding": "18.4.1"
}
],
"operator": "OR"
}
]
}
]