The Digital Security Authority (DSA) wants to bring to your attention a vulnerability affecting Apple’s CoreAudio.
Technical Details
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS 18.4.1, and macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
CVE-2025-31200 affects CoreAudio, an API Apple devices use for processing audio. The memory corruption vulnerability can be triggered with a maliciously crafted media file: when the audio stream in it is processed, it allows attackers to execute malicious code.
Affected Products:
- visionOS: versions before 2.4
- iOS and iPadOS: versions before 18.4
- tvOS: versions before 18.4
- macOS: versions before 15.4
Recommendations
The Digital Security Authority recommends updating to the corresponding fixed versions:
- visionOS: update to version 2.4.1
- iOS and iPadOS: update to version 18.4.1
- tvOS: update to version 18.4.1
- macOS: update to version 15.4.1
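An added example, not part of the advisory or of any Apple tooling: a small inventory check that flags devices still below the fixed versions listed above. The CSV layout, hostnames and function names are assumptions made for illustration.

```python
import csv
import io

# Fixed versions as listed in this advisory for CVE-2025-31200.
FIXED = {
    "visionos": (2, 4, 1),
    "ios": (18, 4, 1),
    "ipados": (18, 4, 1),
    "tvos": (18, 4, 1),
    "macos": (15, 4, 1),
}

def parse_version(text):
    """Turn '18.4' or '18.4.1' into a 3-tuple; missing parts count as 0."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3 or any(p < 0 for p in parts):
        raise ValueError(f"unexpected version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def classify(platform, version):
    """Return 'patched', 'needs-update' or 'unknown' for one device."""
    fixed = FIXED.get(platform.strip().lower())
    if fixed is None:
        return "unknown"  # platform not covered by this advisory
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # malformed version string: review by hand
    return "patched" if installed >= fixed else "needs-update"

def audit(inventory_csv):
    """Map hostname -> status for a CSV with hostname,platform,version columns."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["hostname"]: classify(row["platform"], row["version"]) for row in reader}

# Constructed sample inventory (hypothetical hostnames, not real data).
SAMPLE = """hostname,platform,version
mac-01,macOS,15.4
mac-02,macOS,15.4.1
phone-01,iOS,18.3.2
tablet-01,iPadOS,18.4.1
tv-01,tvOS,18.4
vision-01,visionOS,2.4.1
kiosk-01,Android,15
phone-02,iOS,18.4.1a
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Devices reported as `unknown` have a platform or version string the check cannot interpret and should be reviewed manually rather than assumed patched.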
References
The information presented in this report is based on available data up to the 19th of April 2025.