CVE-2025-31200

Warnung

Medienbericht

Exploit

EPSS 1.32%
Veröffentlicht 16.04.2025 18:24:31
Zuletzt bearbeitet 25.11.2025 13:42:15
Quelle product-security@apple.com
CVE-Watchlists
Login
Unerledigt
Login

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 2 Referenzen 18

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ macOS Version < 15.4.1

Apple ≫ tvOS Version < 18.4.1

Apple ≫ visionOS Version < 2.4.1

Apple ≫ iPadOS Version < 18.4.1

Apple ≫ iPhone OS Version < 18.4.1

Apple ≫ watchOS Version < 11.5

17.04.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple Multiple Products Memory Corruption Vulnerability

Schwachstelle

Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.32%	0.793

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.heise.de/news/iOS-18-4-1-macOS-15-4-1-Co-Apple-liefert-Notfall-Patches-fuer-mehrere-Systeme-10355206.html

Medienbericht

heise Security

https://support.apple.com/en-us/122402

Vendor Advisory

Release Notes

https://support.apple.com/en-us/122282

Vendor Advisory

Release Notes

https://support.apple.com/en-us/122401