Full Report
Find out the specifics of these iOS and macOS vulnerabilities, as well as which Apple devices were impacted.
Analysis Summary
# Vulnerability: Apple Zero-Days in CoreAudio and RPAC Exploited in the Wild
## CVE Details
- CVE ID: CVE-2025-31200, CVE-2025-31201
- CVSS Score: N/A (Scores not provided in the text, but described as serious zero-days)
- CWE: N/A (Specific CWEs not provided, but CVE-2025-31200 relates to media processing/arbitrary code execution, and CVE-2025-31201 relates to memory protection bypass)
## Affected Systems
- Products: iOS, macOS
- Versions: Vulnerable versions prior to those patched in iOS 18.4.1 and macOS Sequoia 15.4.1.
- Configurations: N/A
## Vulnerability Description
Two zero-day vulnerabilities were patched by Apple, noted for being used in "extremely sophisticated attack[s]" against targeted individuals.
1. **CVE-2025-31200 (CoreAudio):** A flaw in the CoreAudio component that could allow an attacker to achieve device control by convincing the device to process a malicious media file.
2. **CVE-2025-31201 (RPAC):** A flaw affecting the Pointer Authentication security mechanism. Exploitation of this flaw could allow an attacker, possessing read/write access to the device, to bypass memory protection protections and hijack the system.
## Exploitation
- Status: Actively being exploited in the wild ("Used in ‘Extremely Sophisticated’ Attacks")
- Complexity: Implied High, given the description of targeted attacks and sophistication.
- Attack Vector: Likely network/remote for the CoreAudio bug (via media file processing), and local/internal interaction for the RPAC bug if memory corruption is achieved.
## Impact
- Confidentiality: High (Device control implies full access)
- Integrity: High (Device control implies full access)
- Availability: High (Device control implies potential disruption or complete compromise)
## Remediation
### Patches
- **iOS:** Update to iOS 18.4.1 (or later)
- **macOS:** Update to macOS Sequoia 15.4.1 (or later)
### Workarounds
- The article does not mention specific workarounds, as immediate patching is implied due to active exploitation.
## Detection
- Detection strategy focuses on applying the official vendor patches immediately. No specific IOCs or detection signatures are detailed in this summary.
## References
- Vendor Advisories: Apple Security Update (Referencing support article H/T: support dot apple dot com/en-us/122282)
- Relevant links:
- techrepublic dot com/article/news-apple-patches-zero-days-ios-macos/