{"uuid": "78842211-36a0-4523-9e9a-ea14c1b05b21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "title": "More details about CVE-2025-31200", "description": "On April 16, 2025, Apple released a patch for a bug in CoreAudio which they said was \u201cActively exploited in the wild.\u201d This flew under the radar a bit. Epsilon\u2019s blog has a great writeup of the other bug that was presumably exploited in this chain: a bug in RPAC. The only thing out there that I am aware of about the CoreAudio side of the bug is a video by Billy Ellis (it\u2019s great. I\u2019m featured. You should watch\u2026you\u2019re probably here from that anyways). As he mentioned in the video, \u201cAnother security researcher by the name of \u2018Noah\u2019 was able to tweak the values such that when it was played on MacOS, it actually did lead to a crash.\u201d I think it\u2019s still worth it to write about that \u2018tweaking\u2019 process in more detail.\n\nI had just finished another project and ended up on a spreadsheet maintained by Project Zero which tracks zero days that have been actively exploited in the wild. It just so happened that that day there had been another addition: CVE-2025-31200. I couldn\u2019t find any writeups on it, or really any information other than the fact that it was a \u201cmemory corruption in CoreAudio\u201d so I decided to have a look myself. How hard could it be?\n\n\nFor more details - [https://blog.noahhw.dev/posts/cve-2025-31200/](https://blog.noahhw.dev/posts/cve-2025-31200/)", "description_format": "markdown", "vulnerability": "CVE-2025-31200", "creation_timestamp": "2025-06-02T20:43:06.112737+00:00", "timestamp": "2025-06-02T20:43:39.581242+00:00", "related_vulnerabilities": ["CVE-2025-31200"], "meta": [{"tags": ["vulnerability:origin=software"]}], "author": {"login": "sync_user", "name": "sync_user", "uuid": "4f29edb9-4c4b-44ca-b041-9b050656b6ae"}}
