AI description
CVE-2025-31235 is a double free vulnerability affecting Apple's iPadOS and macOS operating systems. Discovered by Dillon Franke working with Google Project Zero, it resides in the Audio component. The vulnerability can be triggered by an application, potentially leading to unexpected system termination. Apple has addressed this issue by improving memory management in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, and macOS Sonoma 14.7.6. Users are advised to update to these versions to mitigate the vulnerability.
- Description
- A double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to cause unexpected system termination.
- Source
- product-security@apple.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 4
- Exploitability score
- 2
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-415
- Hype score
- Not currently trending
I lightly mentioned CVE-2025-31235, a double-free I found in coreaudiod/CoreAudio, during my OffensiveCon presentation last month. It's been derestricted now, so enjoy my writeup which includes a PoC and dtrace script to help understand the vulnerability! https://t.co/IG0OcOaIWY
@dillon_franke
27 Jun 2025
9163 Impressions
35 Retweets
166 Likes
68 Bookmarks
3 Replies
0 Quotes
(CVE-2025-31235)[Audio]Double Free in coreaudiod/CoreAudio Framework -> MacOS sbx escape is now open with PoC(was confirmed on MacOS Sonoma 14.7.2 and MacOS Sequoia 15.3.2) https://t.co/SyETMv7DIc https://t.co/lxXUwa3i8N Reported by Dillon Franke(@dillon_franke),working with
@xvonfers
25 Jun 2025
958 Impressions
1 Retweet
11 Likes
12 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "683ECAF8-DB29-40DB-963A-B95EA2A2AC01",
"versionEndExcluding": "17.7.7"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A90AA958-60F3-474C-B351-0F143B498B3E",
"versionEndExcluding": "13.7.6"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0EE6D3FD-8A49-48CF-80A3-0FFC6BA80B99",
"versionEndExcluding": "14.7.6",
"versionStartIncluding": "14.0"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C7416C76-07EC-4132-A509-E3F62B002CCA",
"versionEndExcluding": "15.5",
"versionStartIncluding": "15.0"
}
],
"operator": "OR"
}
]
}
]