CVE-2025-31208: 
macOS vulnerability analysis and mitigation

CVE-2025-31208 is a security vulnerability affecting multiple Apple operating systems, discovered and disclosed on May 12, 2025. The vulnerability affects CoreAudio components in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5, iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, and macOS Ventura 13.7.6. The issue was identified by Hossein Lotfi of Trend Micro Zero Day Initiative (Apple Support, NVD).

The vulnerability exists in the CoreAudio component where parsing a file may lead to an unexpected app termination. The issue was addressed with improved checks in the affected systems. The vulnerability has received a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it is network accessible, requires low attack complexity, and can result in high availability impact (NVD).

The primary impact of this vulnerability is the potential for unexpected application termination when parsing certain files, which could lead to service disruption. The CVSS score indicates that while there is no direct impact on confidentiality or integrity, the vulnerability can have a significant impact on system availability (NVD).

Apple has released security updates to address this vulnerability across multiple operating systems. The fix has been implemented in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, and macOS Ventura 13.7.6. Users are advised to update their systems to these versions to mitigate the vulnerability (Apple Support).

The vulnerability was discovered and reported by Hossein Lotfi of Trend Micro Zero Day Initiative, highlighting the ongoing collaboration between security researchers and Apple in identifying and addressing security issues (Apple Support).