CVE-2025-31200

This repository documents a zero-click remote exploit chain affecting iOS 18.x, involving heap corruption in CoreAudio (CVE-2025-31200) and kernel privilege escalation via AppleBCMWLAN (CVE-2025-31201). The attack is delivered via a malformed MP4 audio file through iMessage, leading to kernel-level compromise and unauthorized signing operations.

This PoC demonstrates an out-of-bounds read/write vulnerability in Apple's CoreAudio (CVE-2025-31200) by manipulating the mRemappingArray in APAC (Apple Positional Audio Codec) decoding, leading to memory corruption. The exploit requires building on macOS < 15.4.1 and uses LLDB hooks to trigger the vulnerability during audio playback.

This repository contains a Python-based PoC for CVE-2025-31200, a buffer overflow in Apple's CoreAudio APAC decoder. The exploit generates a malicious APAC cookie with mismatched channel counts to trigger out-of-bounds memory access.

This repository documents CVE-2025-31200, a zero-click RCE vulnerability in iOS 18.X's AudioConverterService, triggered via malicious audio files in iMessage/SMS. It includes a technical write-up but no exploit code.