ZDI-25-728 - Apple Mac OS X, Apple Ipados and Apple Tvos

July 30, 2025

Low

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the MediaToolbox framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-31239.

Affected software

Apple Mac OS X

Apple Ipados

Apple Tvos

Apple Macos

Apple watchOS

Apple Visionos

Apple iPhone OS

Reference links

https://support.apple.com/en-us/122716
http://www.zerodayinitiative.com/advisories/ZDI-25-728/

ZDI-25-728 - Apple Mac OS X, Apple Ipados and Apple Tvos

Affected software

Reference links

Get alerted to vulnerabilities in your software