Apple Patches Exploited Vulnerability

    Published: 2025-04-16. Last Updated: 2025-04-16 18:44:59 UTC
    by Johannes Ullrich (Version: 1)
    0 comment(s)

     

    Today, Apple patched two vulnerabilities that had already been exploited. The vulnerabilities were exploited against iOS but also exist in macOS, tvOS, and visionOS. Apple released updates for all affected operating systems.

     

    iOS 18.4.1 and iPadOS 18.4.1 macOS Sequoia 15.4.1 tvOS 18.4.1 visionOS 2.4.1
    CVE-2025-31200: Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS..
    Affects CoreAudio
    x x x x
    CVE-2025-31201: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS..
    Affects RPAC
    x x x x

    ---
    Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
    Twitter|

    Keywords:
    0 comment(s)
    ISC Stormcast For Wednesday, April 16th, 2025 https://isc.sans.edu/podcastdetail/9410

      Comments

      Login here to join the discussion.


      Diary Archives