Apple Multiple Products Arbitrary Read and Write Vulnerability

Added April 17, 2025 • Due May 8, 2025 • CVE-2025-31201

Overdue Apple / Multiple Products

Description

Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

References

https://support.apple.com/en-us/122282
https://support.apple.com/en-us/122400
https://support.apple.com/en-us/122401
https://support.apple.com/en-us/122402
https://nvd.nist.gov/vuln/detail/CVE-2025-31201

Additional Information

Catalog Version: 2025.04.17
Catalog Released: April 17, 2025
Days Until Due: 0 days
Last Updated: 5 months, 2 weeks ago