CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2025-31201

CVSS 9.8v3.1pub. 2025-04-16upd. 2026-04-03

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

🤖 AI Analysis
How it works

The vulnerability resulted from the presence of vulnerable code handling the Pointer Authentication mechanism — an ARM hardware security feature protecting memory pointers from manipulation. An attacker with the ability to perform arbitrary memory read and write operations could exploit this code to bypass PAC. Apple resolved the issue by eliminating the vulnerable code fragment. The vulnerability could be used as part of an exploit chain in attacks targeting specific, selected individuals.

Impact

An attacker can bypass the Pointer Authentication mechanism, which in combination with other techniques can lead to complete device takeover, and compromise of confidentiality, integrity, and availability of data.

Mitigation & patch

Must immediately update to: iOS 18.4.1, iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. Patches available through Apple's system update mechanism.

Who is affected

iOS and iPadOS before version 18.4.1, macOS Sequoia before version 15.4.1, tvOS before version 18.4.1, visionOS before version 2.4.1

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apple iPadOS

    OS
    Apple
    < 18.4.1
  • Apple iOS

    OS
    Apple
    < 18.4.1
  • Apple macOS

    OS
    Apple
    15.0 – 15.4.1 (bez)
  • Apple tvOS

    OS
    Apple
    < 18.4.1
  • Apple Visionos

    OS
    Apple
    < 2.4.1

CISA KEV — detailsi

Vendori
Apple
Producti
Multiple Products
Added to KEVi
April 17, 2025
Remediation deadline (US Federal)i
May 8, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 8 maja 2025
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-31200CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple — memory corruption (RCE) w przetwarzaniu strumieni audio

CVE-2025-24201CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki

CVE-2025-24085CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Use-after-free w Apple iOS/iPadOS/macOS — privilege escalation przez aplikację