CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2025-31200

CVSS 9.8v3.1pub. 2025-04-16upd. 2026-04-03

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1.

🤖 AI Analysis
How it works

The error consists of improper memory boundary handling (CWE-119 — buffer overflow / memory corruption) during parsing of an audio stream in a multimedia file. A specially crafted file can cause memory corruption in a process, enabling an attacker to take control of code execution. The vulnerability requires no special permissions or system interaction other than the victim opening the file.

Impact

Successful exploitation of the vulnerability allows an attacker to execute arbitrary code on the victim's device, which may lead to complete device takeover, data theft, or malicious software installation.

Mitigation & patch

Systems must be immediately updated to the following versions: iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Updates are available through standard Apple update mechanisms.

Who is affected

iOS and iPadOS versions before 18.4.1, macOS Sequoia before version 15.4.1, tvOS before version 18.4.1, visionOS before version 2.4.1, watchOS before version 11.5.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apple iPadOS

    OS
    Apple
    < 18.4.1
  • Apple iOS

    OS
    Apple
    < 18.4.1
  • Apple macOS

    OS
    Apple
    15.0 – 15.4.1 (bez)
  • Apple tvOS

    OS
    Apple
    < 18.4.1
  • Apple Visionos

    OS
    Apple
    < 2.4.1
  • Apple watchOS

    OS
    Apple
    < 11.5

CISA KEV — detailsi

Vendori
Apple
Producti
Multiple Products
Added to KEVi
April 17, 2025
Remediation deadline (US Federal)i
May 8, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 8 maja 2025
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-31201CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki

CVE-2025-24085CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Use-after-free w Apple iOS/iPadOS/macOS — privilege escalation przez aplikację