Fixed: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
About the security content of visionOS 2.4.1
visionOS 2.4.1
Released April 16, 2025
CoreAudio
Available for: Apple Vision Pro
Impact: Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Description: A memory corruption issue was addressed with improved bounds checking.
CVE-2025-31200: Apple and Google Threat Analysis Group
RPAC
Available for: Apple Vision Pro
Impact: An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Description: This issue was addressed by removing the vulnerable code.
CVE-2025-31201: Apple