CVE-2025-31200 - affects in CoreAudio, a framework responsible for audio processing on iOS and iPadOS devices.processing a maliciously crafted media file could trigger a memory corruption issue, potentially leading to code execution.βProcessing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.β
CVE-2025-31201 -affects RPAC (Return-oriented Programming Attack Countermeasure), a security mechanism designed to protect against exploits.This flaw could allow an attacker with arbitrary read and write capabilities to bypass Pointer Authentication, a feature that safeguards against code manipulation.βAn attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.β
Affected Devices and Mitigation -
iPhone XS and lateriPad Pro 13-inchiPad Pro 13.9-inch (3rd generation and later)iPad Pro 11-inch (1st generation and later)iPad Air (3rd generation and later)iPad (7th generation and later)iPad mini (5th generation and later)
Recommendations -
To install iOS 18.4.1 or iPadOS 18.4.1, go to Settings > General > Software Update on your device. Apple strongly recommends all eligible users update as soon as possible to ensure protection against these vulnerabilities.