PT-2025-16877 · Apple · visionOS +5
Todsacerdoti · Published 2024-04-16 · Updated 2026-02-01 · CVE-2025-31200
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apple macOS versions prior to 15.4.1
Apple tvOS versions prior to 18.4.1
Apple visionOS versions prior to 2.4.1
Apple iOS versions prior to 18.4.1
Apple iPadOS versions prior to 18.4.1
Apple watchOS versions prior to 11.5
Description
A memory corruption issue exists in the CoreAudio framework, potentially allowing remote code execution when processing maliciously crafted audio streams within media files. Apple is aware of reports indicating this issue may have been exploited in sophisticated attacks targeting specific individuals on iOS. The vulnerability stems from insufficient bounds checking. The AudioConverterService is implicated in the exploitation process.
Recommendations
Update macOS to version 15.4.1 or later.
Update tvOS to version 18.4.1 or later.
Update visionOS to version 2.4.1 or later.
Update iOS to version 18.4.1 or later.
Update iPadOS to version 18.4.1 or later.
Update watchOS to version 11.5 or later.
Exploit
Fix
RCE
Memory Corruption
Buffer Overflow
Related Identifiers
Affected Products
Apple macOS
iOS
iPadOS
macOS Sequoia
tvOS
visionOS