CVE-2025-31201

Apple Products tvOS versions prior to 18.4.1 visionOS versions prior to 2.4.1 iOS versions prior to 18.4.1 iPadOS versions prior to 18.4.1 macOS Sequoia versions prior to 15.4.1

Description This issue centers around a flaw in the Reconfigurable Processing Architecture Core (RPAC), a hardware component in newer Apple Silicon chips. The vulnerability allows an attacker with arbitrary read and write capabilities to bypass Apple’s Pointer Authentication Code (PAC), a security feature designed to prevent return-oriented programming attacks. The issue was addressed by removing the vulnerable code. Apple is aware of reports indicating that this flaw was exploited in highly sophisticated attacks targeting specific individuals on iOS devices. The vulnerability allows for arbitrary memory access.

Recommendations Update tvOS to version 18.4.1. Update visionOS to version 2.4.1. Update iOS to version 18.4.1. Update iPadOS to version 18.4.1. Update macOS Sequoia to version 15.4.1.