Overview
A pointer authentication bypass vulnerability in Apple operating systems (iOS, iPadOS, macOS Sequoia, tvOS and visionOS) allows an attacker who has already obtained an arbitrary read/write primitive to bypass Pointer Authentication. Apple addressed the issue by removing the vulnerable code, which mishandled pointer authentication. This is a privilege-escalation and security-boundary bypass affecting multiple Apple platforms. The vulnerability was disclosed on April 16, 2025. CISA has listed CVE-2025-31201 as known to be exploited; it is not currently known to be used in ransomware campaigns.
Technical details
The vulnerability lies in how Apple's operating systems use Pointer Authentication Codes (PAC), a hardware feature of ARMv8.3 and later (arm64e) processors. PAC stores a cryptographic tag in the otherwise unused high bits of a pointer; the tag is computed from the pointer value, a secret key held in system registers, and a context value, and is checked before the pointer is used for a return, indirect call or similar operation. Because the key is not readable from the compromised context, an attacker who can already read and write arbitrary memory can corrupt pointers but cannot forge valid tags for them, which is why PAC is relied on as a mitigation against exploitation of memory-corruption bugs. The affected code allowed an attacker holding such a read/write primitive to defeat this check, turning memory corruption into control over authenticated pointers; Apple's fix removed the vulnerable code rather than patching its logic. Any exploit chain that already yields arbitrary read/write on an affected version therefore has a secondary path to bypassing PAC.
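The following toy model, added here as an illustration and not code from Apple or from the original report, shows why PAC matters to an attacker who already has arbitrary read/write and what a bypass changes. It stands in a 16-bit tag in bits 63..48 and a simple keyed mixing function for the hardware's QARMA-based tag, so it runs on any host. The `signing_gadget` function is a hypothetical primitive of the general kind a PAC bypass supplies (signing an attacker-chosen pointer under an attacker-chosen context); the page does not state which form the CVE-2025-31201 bypass took, and the addresses are constructed values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Toy model of ARM64 Pointer Authentication.  Added illustration only: not
 * Apple's code and not the code involved in CVE-2025-31201.  Real hardware
 * computes the tag with the QARMA block cipher under a key held in a
 * privileged system register; here a 16-bit tag in bits 63..48 and a simple
 * keyed mixing function stand in for it so the example runs on any host.
 */

#define PAC_SHIFT 48
#define PAC_MASK  (0xFFFFULL << PAC_SHIFT)

/* Stand-in for the hardware key: unreadable from the attacker's context. */
static const uint64_t pac_key = 0x9E3779B97F4A7C15ULL;

static uint64_t mix64(uint64_t x)
{
    x ^= x >> 33; x *= 0xFF51AFD7ED558CCDULL;
    x ^= x >> 33; x *= 0xC4CEB9FE1A85EC53ULL;
    x ^= x >> 33;
    return x;
}

/* Tag over the canonical pointer, the key and a context value (the
 * "modifier": typically the address of the slot holding the pointer). */
static uint64_t pac_tag(uint64_t ptr, uint64_t ctx)
{
    return mix64(ptr ^ mix64(ctx ^ pac_key)) >> (64 - 16);
}

/* PAC* instruction analogue: embed the tag in the pointer's high bits. */
uint64_t pac_sign(uint64_t ptr, uint64_t ctx)
{
    uint64_t canon = ptr & ~PAC_MASK;
    return canon | (pac_tag(canon, ctx) << PAC_SHIFT);
}

/* AUT* instruction analogue: return the stripped pointer if the tag checks
 * out, else 0.  Real hardware instead leaves a poisoned pointer that faults
 * on use, so a wrong guess costs the attacker a crash. */
uint64_t pac_auth(uint64_t signed_ptr, uint64_t ctx)
{
    uint64_t canon = signed_ptr & ~PAC_MASK;
    uint64_t tag = (signed_ptr & PAC_MASK) >> PAC_SHIFT;
    return tag == pac_tag(canon, ctx) ? canon : 0;
}

/* Attacker with arbitrary write replaces a signed pointer with a raw
 * target address.  The tag bits are wrong, so authentication fails. */
bool raw_overwrite_passes(uint64_t target, uint64_t slot)
{
    uint64_t forged = target;           /* no valid tag */
    return pac_auth(forged, slot) == target;
}

/* Attacker with arbitrary read copies a legitimately signed pointer from
 * one slot into another.  The context differs, so the tag no longer matches. */
bool replay_passes(uint64_t target, uint64_t slot_a, uint64_t slot_b)
{
    uint64_t legit = pac_sign(target, slot_a);
    return pac_auth(legit, slot_b) == target;
}

/* Hypothetical shape of the primitive a PAC bypass supplies (the page does
 * not say which form this CVE took): code the attacker can reach that signs
 * an attacker-chosen pointer under an attacker-chosen context. */
uint64_t signing_gadget(uint64_t attacker_ptr, uint64_t attacker_ctx)
{
    return pac_sign(attacker_ptr, attacker_ctx);
}

/* With such a gadget, arbitrary read/write is enough to redirect control flow. */
bool bypass_with_gadget_passes(uint64_t target, uint64_t slot)
{
    uint64_t forged = signing_gadget(target, slot);
    return pac_auth(forged, slot) == target;
}

int main(void)
{
    const uint64_t target = 0x0000000100004000ULL; /* constructed code address */
    const uint64_t slot   = 0x000000016FDFF7F0ULL; /* constructed slot address */

    printf("raw overwrite passes auth: %s\n", raw_overwrite_passes(target, slot) ? "yes" : "no");
    printf("replay passes auth:        %s\n", replay_passes(target, slot, slot + 8) ? "yes" : "no");
    printf("bypass gadget passes auth: %s\n", bypass_with_gadget_passes(target, slot) ? "yes" : "no");
    return 0;
}
```

The first two scenarios are what arbitrary read/write alone buys against PAC: nothing but a crash (a raw overwrite has a 1-in-65536 chance of guessing a 16-bit tag, and the fault on failure means guessing is not repeatable). The third is the difference a bypass makes: once the attacker can obtain correctly tagged pointers for contexts of their choosing, the existing read/write primitive is sufficient for the privileged code execution described under Impact.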
The vulnerability is classified as CWE-347 (Improper Verification of Cryptographic Signature), CWE-287 (Improper Authentication) and CWE-269 (Improper Access Control (Generic)).
The vulnerability received a CVSS v3.1 base score of 6.2 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N. The medium rating reflects the preconditions rather than the outcome: the attacker must already be local and highly privileged (holding arbitrary read/write), the attack is of high complexity, and no user interaction is needed; a successful attack crosses a security boundary (scope changed), with high impact on confidentiality, low impact on integrity and none on availability.
Impact
An attacker with arbitrary read/write capabilities can bypass pointer authentication, leading to: (1) code execution in privileged contexts; (2) privilege escalation from user to kernel or between security contexts; (3) defeat of exploit mitigations that rely on pointer authentication; (4) compromise of system security boundaries; (5) potential jailbreaking or complete device compromise on iPhone, iPad, Apple TV and Vision Pro devices. This is significant because PAC is one of the primary exploit mitigations on Apple Silicon and other arm64e devices: in an exploit chain, a reliable PAC bypass is the component that turns a memory-corruption primitive into control-flow hijacking.
Mitigation and workarounds
Apple addressed this vulnerability in security updates released on April 16, 2025. Users should: (1) open Settings > General > Software Update on iOS/iPadOS devices; (2) go to Settings > System > Software Updates on Apple TV (tvOS); (3) open Settings > General > About > Software Update on visionOS devices; (4) use System Settings > General > Software Update on macOS. Install the latest available version of the respective operating system. The following versions include the fix: iOS 18.4.1 and later, iPadOS 18.4.1 and later, tvOS 18.4.1 and later, visionOS 2.4.1 and later, macOS Sequoia 15.4.1 and later.
As temporary workarounds: no configuration setting disables or compensates for the PAC bypass itself, so the practical measures target the arbitrary read/write primitive the exploit requires, which in turn needs either local code execution as a privileged process or physical access to the hardware. Restrict physical access to devices, limit access to privileged debugging interfaces (JTAG, DFU mode), keep USB Restricted Mode enabled, and require strong authentication for debugging access where enterprise management systems allow it. None of these directly mitigate the pointer authentication bypass; they only raise the cost of obtaining the prerequisite primitive.
CISA recommendation: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional resources
Source: This report was generated by AI.

