Description
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Published: 2025-04-16
Score: 9.8 Critical
EPSS: 2.3% Low
KEV: Yes
Impact: Remote Code Execution via Pointer Authentication Bypass
Action: Immediate Patch
AI Analysis

Impact

Apple has identified a flaw that allows an attacker with arbitrary memory read and write capabilities to bypass the system’s Pointer Authentication mechanism. This compromise removes a critical hardware‑backed integrity check, enabling the attacker to tamper with pointers that control program flow. The vulnerability can be used to execute malicious code, directly affecting confidentiality, integrity, and availability of the entire operating system, application data, and potentially the user’s personal information.

Affected Systems

Apple’s mobile and desktop operating systems – iOS, iPadOS, macOS, tvOS, and visionOS – are affected. All versions prior to the fixed releases – iOS 18.4.1, iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, and visionOS 2.4.1 – remain vulnerable. Devices running earlier releases or not applying the correct security updates cannot rely on Pointer Authentication for code integrity.

Risk and Exploitability

The CVSS score of 9.8 marks this flaw as critical, and an EPSS rate of 2% suggests a tangible but moderate likelihood of exploitation. It is listed in CISA’s KEV catalog, indicating confirmed use in advanced targeted attacks. While the exact attack vector is not publicly detailed, the description implies a hostile environment where an attacker already has local privileges or achieves privilege escalation to exploit memory read/write access. Once the attacker achieves this capability, bypassing Pointer Authentication gives them the ability to execute arbitrary code with kernel‑level privileges.

Generated by OpenCVE AI on April 28, 2026 at 02:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update all Apple devices to the latest OS releases: iOS 18.4.1, iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, and visionOS 2.4.1.
  • Configure each device to receive and install updates automatically, ensuring swift deployment of security patches.
  • If a device cannot be updated immediately, contain the risk by limiting root or administrative access, monitoring system logs for anomalous memory reads or writes, and treating any suspicious activity as a potential Pointer Authentication bypass attempt. Additionally, developers should audit applications for proper validation of authentication tokens and state variables, aligning with CWE‑1220 best practices to prevent tampering.

Advisories
Source: EUVD
ID: EUVD-2025-11381
Title: This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
History

Tue, 28 Apr 2026 02:45:00 +0000

Type Values Removed Values Added
Title Pointer Authentication Bypass via Arbitrary Read/Write Exploit

Fri, 03 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Values Added: This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

Mon, 24 Nov 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1220
References
Metrics
Values Removed:
cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}
ssvc {'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}
Values Added:
cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 03 Nov 2025 20:30:00 +0000


Mon, 03 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 18:30:00 +0000


Tue, 21 Oct 2025 23:15:00 +0000


Tue, 21 Oct 2025 20:30:00 +0000


Tue, 21 Oct 2025 19:30:00 +0000


Fri, 06 Jun 2025 16:15:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N'}
Values Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Fri, 18 Apr 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared: Apple; Apple ipados; Apple iphone Os; Apple macos; Apple tvos; Apple visionos
Weaknesses: NVD-CWE-noinfo
CPEs:
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products: Apple; Apple ipados; Apple iphone Os; Apple macos; Apple tvos; Apple visionos

Thu, 17 Apr 2025 23:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2025-04-17'}


Thu, 17 Apr 2025 18:15:00 +0000

Type: Metrics
Values Removed: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 16 Apr 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 16 Apr 2025 18:30:00 +0000

Type Values Removed Values Added
Description This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:24:41.543Z

Reserved: 2025-03-27T16:13:58.315Z

Link: CVE-2025-31201

Vulnrichment

Updated: 2025-11-03T19:48:19.883Z

NVD

Status: Analyzed

Published: 2025-04-16T19:15:54.673

Modified: 2026-04-03T14:31:32.007

Link: CVE-2025-31201

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T02:30:18Z

Weaknesses