CVE-2025-31201: Apple Multiple Products Arbitrary Read and Write Vulnerability

CVE ID

CVE-2025-31201

Vulnerability Name

Apple Multiple Products Arbitrary Read and Write Vulnerability

• Project: Apple
• Product: Multiple Products

Date

• Date Added: 2025-04-17
• Due Date: 2025-05-08

Description

Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://support.apple.com/en-us/122282 ; https://support.apple.com/en-us/122400 ; https://support.apple.com/en-us/122401 ; https://support.apple.com/en-us/122402 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31201

Related Security News

• Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks
• Apple fixes new zero-day flaw exploited in targeted attacks
• Apple patches security flaw exploited in Chrome zero-day attacks

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List