PT-2025-16877 · Apple · Tvos +5

Todsacerdoti

Published

2024-04-16

Updated

2025-09-14

CVE-2025-31200

CVSS v2.0

7.6

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

**Name of the Vulnerable Software and Affected Versions:**

Apple macOS versions prior to 15.4.1

Apple tvOS versions prior to 18.4.1

Apple visionOS versions prior to 2.4.1

Apple iOS versions prior to 18.4.1

Apple iPadOS versions prior to 18.4.1

Apple watchOS version 11.5

**Description:**

A memory corruption issue exists in the CoreAudio framework, potentially allowing remote code execution through processing a maliciously crafted audio stream within a media file. Apple is aware of reports indicating exploitation of this issue in highly sophisticated attacks targeting specific individuals on iOS.

**Recommendations:**

Apple macOS versions prior to 15.4.1: Update to version 15.4.1 or later.

Apple tvOS versions prior to 18.4.1: Update to version 18.4.1 or later.

Apple visionOS versions prior to 2.4.1: Update to version 2.4.1 or later.

Apple iOS versions prior to 18.4.1: Update to version 18.4.1 or later.

Apple iPadOS versions prior to 18.4.1: Update to version 18.4.1 or later.

Apple watchOS versions prior to 11.5: Update to version 11.5 or later.

Exploit

Fix

RCE

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2025-04742

CVE-2025-31200

Affected Products

Apple Macos

Ios

Ipados

Macos Sequoia

Tvos

Visionos

PT-2025-16877 · Apple · Tvos +5

Weakness Enumeration

Related Identifiers

Affected Products

References · 163