Description
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Published: 2025-04-16
Score: 9.8 Critical
EPSS: 3.4% Low
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw allows an attacker with arbitrary memory read and write capabilities to bypass Apple’s pointer authentication mechanism. By subverting these hardware‑based integrity checks, the attacker can overwrite or inject executable code and execute it with elevated privileges, effectively compromising the integrity and confidentiality of the device and allowing remote code execution.

Affected Systems

The vulnerability affects Apple’s iOS, iPadOS, macOS Sequoia, tvOS, and visionOS. It is mitigated in the latest releases: iOS 18.4.1, iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, and visionOS 2.4.1. Devices running earlier versions are still vulnerable.

Risk and Exploitability

With a CVSS score of 9.8 and an EPSS of 3%, the risk is critical and the likelihood of exploitation is non‑negligible. Apple is aware of a report that this issue may have been exploited in a sophisticated attack against targeted individuals on iOS, and the flaw is listed in the CISA KEV catalog. The requirement for arbitrary read/write suggests a precursor weakness, but once bypassed the attacker can achieve full code execution, elevating the threat to a high level of severity.

Generated by OpenCVE AI on May 25, 2026 at 17:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch that removes the vulnerable pointer authentication bypass code (e.g., iOS 18.4.1).
  • Configure systems to enforce strict memory protection and isolation consistent with CWE‑1220, ensuring that only trusted code can perform arbitrary memory accesses.
  • Disable or restrict functions that allow arbitrary read/write, such as debug interfaces or insecure memory manipulation APIs, to mitigate the precursor weakness that enables the pointer authentication bypass.

Generated by OpenCVE AI on May 25, 2026 at 17:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-11381 This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
History

Mon, 25 May 2026 17:30:00 +0000

Type Values Removed Values Added
Title Pointer Authentication Bypass via Arbitrary Read/Write Exploit

Tue, 28 Apr 2026 02:45:00 +0000

Type Values Removed Values Added
Title Pointer Authentication Bypass via Arbitrary Read/Write Exploit

Fri, 03 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

Mon, 24 Nov 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1220
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 18:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 23:15:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 19:30:00 +0000

Type Values Removed Values Added
References

Fri, 06 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N'}

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Fri, 18 Apr 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos
Apple visionos
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos
Apple visionos

Thu, 17 Apr 2025 23:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2025-04-17'}

Thu, 17 Apr 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 16 Apr 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 16 Apr 2025 18:30:00 +0000

Type Values Removed Values Added
Description This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
References

Subscriptions

Apple Ipados Iphone Os Macos Tvos Visionos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:24:41.543Z

Reserved: 2025-03-27T16:13:58.315Z

Link: CVE-2025-31201

cve-icon Vulnrichment

Updated: 2025-11-03T19:48:19.883Z

cve-icon NVD

Status : Analyzed

Published: 2025-04-16T19:15:54.673

Modified: 2026-04-03T14:31:32.007

Link: CVE-2025-31201

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-25T17:15:30Z

Weaknesses