CVE-2025-31201

CVSS 9.8 CRITICAL | EPSS 12.4% | KEV | CWE-1220

In short

A flaw in Pointer Authentication on Apple devices could allow someone with read/write access to memory to bypass a security protection designed to prevent unauthorized code execution. This is a critical protection that makes it harder for attackers to take full control of your device.

Technical detail

This vulnerability stems from insufficient validation in the Pointer Authentication Code (PAC) implementation. An attacker who already has arbitrary memory read/write capability (via prior code execution or memory corruption) can forge or modify PAC values and execute arbitrary code. The fix removed the vulnerable code path entirely. The issue affects iOS, iPadOS, macOS, tvOS, and visionOS across multiple versions.

Summary generated and translated by AI from the official description.
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
