Description
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Published: 2025-04-16
Score: 9.8 Critical
EPSS: 12.4% Moderate
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw allows an attacker with arbitrary memory read and write capabilities to bypass Apple’s pointer authentication mechanism. This is a CWE‑1220 Pointer Authentication Bypass. The CVE description does not explicitly state the consequences, so it is inferred that the attacker could potentially compromise the integrity and confidentiality of the device.

Affected Systems

The vulnerability affects Apple’s iOS, iPadOS, macOS Sequoia, tvOS, and visionOS. It is mitigated in the latest releases: iOS 18.4.1, iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, and visionOS 2.4.1. Devices running earlier versions are still vulnerable.

Risk and Exploitability

With a CVSS score of 9.8 and an EPSS of 13%, the risk is critical and the likelihood of exploitation is moderate. The flaw is listed in the CISA KEV catalog. The CVE notes a report of potential exploitation in a sophisticated attack against specific targeted individuals on iOS, but no confirmed widespread exploitation is indicated. The requirement for arbitrary read/write indicates that a precursor vulnerability is needed for the bypass.

Generated by OpenCVE AI on June 18, 2026 at 02:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch that removes the vulnerable pointer authentication bypass code (e.g., iOS 18.4.1).
  • Configure systems to enforce strict memory protection and isolation consistent with CWE‑1220, ensuring that only trusted code can perform arbitrary memory accesses.
  • Disable or restrict functions that allow arbitrary read/write, such as debug interfaces or insecure memory manipulation APIs, to mitigate the precursor weakness that enables the pointer authentication bypass.

Generated by OpenCVE AI on June 18, 2026 at 02:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-11381 This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Pointer Authentication Bypass via Arbitrary Read/Write on Apple OS Platforms

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Title Pointer Authentication Bypass via Arbitrary Read/Write on Apple OS Platforms

Mon, 25 May 2026 17:30:00 +0000

Type Values Removed Values Added
Title Pointer Authentication Bypass via Arbitrary Read/Write Exploit

Tue, 28 Apr 2026 02:45:00 +0000

Type Values Removed Values Added
Title Pointer Authentication Bypass via Arbitrary Read/Write Exploit

Fri, 03 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

Mon, 24 Nov 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1220
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 18:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 23:15:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 19:30:00 +0000

Type Values Removed Values Added
References

Fri, 06 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N'}

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Fri, 18 Apr 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos
Apple visionos
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos
Apple visionos

Thu, 17 Apr 2025 23:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2025-04-17'}

Thu, 17 Apr 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 16 Apr 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 16 Apr 2025 18:30:00 +0000

Type Values Removed Values Added
Description This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
References

Subscriptions

Apple Ipados Iphone Os Macos Tvos Visionos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:24:41.543Z

Reserved: 2025-03-27T16:13:58.315Z

Link: CVE-2025-31201

cve-icon Vulnrichment

Updated: 2025-11-03T19:48:19.883Z

cve-icon NVD

Status : Analyzed

Published: 2025-04-16T19:15:54.673

Modified: 2026-06-17T09:10:00.800

Link: CVE-2025-31201

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T02:45:16Z

Weaknesses
  • CWE-1220

    Insufficient Granularity of Access Control