
CVE-2025-31200 & CVE-2025-31201 | iMessage ZeroClick RCE Chain

Summary

This repository documents research into a zero-click remote exploit chain affecting iOS 18.x. A malformed MP4 audio file delivered via iMessage triggers:

  1. Heap corruption in CoreAudio (CVE-2025-31200) — in AudioConverterService AAC decoding.
  2. Kernel escalation via AppleBCMWLAN/AMPDU handling (CVE-2025-31201) — leads to kernel code execution.

In post-pivot testing, misuse of CryptoTokenKit signing operations was observed, invoking Secure Enclave-backed keys without interactive prompts. Apple patched the vulnerabilities in iOS 18.4.1.


Verified Behavior

  • CVE-2025-31200 (CoreAudio) — Heap corruption in AudioConverterService AAC decoder via malformed inMagicCookie. Zero-click, no user interaction required.
  • CVE-2025-31201 (AppleBCMWLAN) — Kernel privilege escalation following CoreAudio corruption. Fully reproducible on affected devices/builds.
  • Zero-click delivery vector — Malicious media processed by iMessage while the device is locked.

Observed Post-Compromise Behavior

  • Unauthorized signing: CryptoTokenKit / identityservicesd invoked signing operations from a compromised context without UI prompts (no Secure Enclave key material exported).
  • System instability: Media decode failures correlated with PME enforcement logs, GPU/AppleDCP link errors, mediaplaybackd variant-switch loops and occasional launchd/SoC stalls.
  • Propagation conditions: Peer token reuse across AWDL observed; potential cross-device risk if token caches survive.

Scope of Impact

  • Affected: iOS ≤ 18.4
  • Patched: iOS 18.4.1 (Apr 16, 2025) — fixes CVE-2025-31200, CVE-2025-31201
  • Vector: Zero-click iMessage/SMS from known sender (bypasses BlastDoor/Blackhole)
  • Primary component: AudioConverterService (CoreAudio AAC decoder) → AppleBCMWLAN.dext (kernel escalation)
  • Chained component: AppleBCMWLAN.dext — AMPDU handling → kernel escalation (CVE-2025-31201)
  • Privileges required: None (initial); kernel achieved post-chain
  • Impact summary: Integrity (unauthorized signing, token/device impersonation) + Availability (system stalls); Confidentiality — no key export

Disclosure Timeline

  • Reported to Apple: Dec 20, 2024
  • Re-reported to Apple & US-CERT: Jan 21, 2025 (Tracking ID: VRF#25-01-MPVDT)
  • Shared with Google Project Zero / Research Team: Apr 11, 2025
  • Patched by Apple: Apr 16, 2025 (iOS 18.4.1)
  • CVE assignments: CVE-2025-31200 and CVE-2025-31201

Impact Statement

An attacker triggering this chain remotely can achieve:

  • Kernel-level compromise
  • Runtime co-opting of Secure Enclave signing primitives
  • Impersonation of device identities
  • Forgery of identity-bound tokens

    Severity: Critical (CVSS 3.1 chain-aware 10.0)
    Operational risk: High; cross-device compromise potential and post-patch token persistence possible.


Recommendations

  • Enforce BlastDoor / attachment inspection for all messages; do not bypass based on sender metadata.
  • Apply rigorous input validation for decoder parameters (e.g., inMagicCookie/codec metadata).
  • Implement runtime attestation for CryptoTokenKit / Secure Enclave signing operations to verify caller integrity and entitlements.
  • Harden wireless driver surfaces and IOKit entrypoints against malformed kernel data.
  • Monitor system logs for repeated ctkd / identityservicesd anomalies that may indicate residual propagation attempts.
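The last recommendation, monitoring for repeated ctkd / identityservicesd anomalies, is the one a defender can turn into a concrete check. The script below is an added example and is not code from this repository: it scans syslog-style log lines, keeps a sliding time window per watched process, and raises an alert when a process named in the recommendations logs a burst of signing-related messages. The line format, the "sign"/"signature" keywords, the threshold and window values, and the sample log lines are all assumptions constructed for the example, not output captured from a device.

```python
"""Sliding-window burst detector for signing-related log events.

Added example for the advisory's monitoring recommendation. The line format
(ASSUMED: "<timestamp> <host> <process>[<pid>]: <message>", as produced by a
syslog-style export) and all sample lines are constructed, not real device logs.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# ASSUMED line layout; adjust the pattern to the export format actually in use.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+[+-]\d{4}) "
    r"(?P<host>\S+) (?P<proc>[A-Za-z0-9_.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
TS_FMT = "%Y-%m-%d %H:%M:%S.%f%z"

# Processes named in the advisory's recommendations.
WATCHED = {"ctkd", "identityservicesd"}
# Message keywords treated as signing-related (ASSUMED; tune per environment).
SIGN_KEYWORDS = ("sign", "signature")

# CONSTRUCTED sample log: a burst of five ctkd signing requests inside ten
# seconds, one unrelated ctkd line, one identityservicesd line, a
# mediaplaybackd line (not watched) and one malformed line.
SAMPLE_LOG = """\
2025-04-10 12:00:00.100000-0400 iphone mediaplaybackd[401]: variant switch to 720p
2025-04-10 12:00:01.000000-0400 iphone ctkd[120]: sign request for keyref 0xA1
2025-04-10 12:00:02.000000-0400 iphone ctkd[120]: sign request for keyref 0xA1
2025-04-10 12:00:02.500000-0400 iphone identityservicesd[88]: signature for token refresh
2025-04-10 12:00:03.000000-0400 iphone ctkd[120]: sign request for keyref 0xA1
2025-04-10 12:00:03.200000-0400 iphone ctkd[120]: session opened
2025-04-10 12:00:04.000000-0400 iphone ctkd[120]: sign request for keyref 0xA1
2025-04-10 12:00:05.000000-0400 iphone ctkd[120]: sign request for keyref 0xA1
2025-04-10 12:00:06.000000-0400 iphone ctkd[120]: sign request for keyref 0xA1
this line is malformed and must be skipped
"""


def parse_line(line):
    """Return a dict with a parsed timestamp, or None for lines that don't match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def detect_bursts(lines, threshold=5, window_seconds=10.0):
    """Alert when a watched process logs >= threshold signing events within the window.

    Returns a list of (process, trigger_timestamp, count). After an alert the
    window for that process is reset so one burst produces one alert.
    """
    recent = defaultdict(deque)  # process -> timestamps of recent signing events
    alerts = []
    for rec in map(parse_line, lines):
        if rec is None or rec["proc"] not in WATCHED:
            continue
        if not any(k in rec["msg"].lower() for k in SIGN_KEYWORDS):
            continue
        dq = recent[rec["proc"]]
        dq.append(rec["ts"])
        # Evict events older than the window, measured from the newest event.
        while dq and (rec["ts"] - dq[0]).total_seconds() > window_seconds:
            dq.popleft()
        if len(dq) >= threshold:
            alerts.append((rec["proc"], rec["ts"], len(dq)))
            dq.clear()
    return alerts


def run_sample():
    """Run the detector over the constructed sample log with default settings."""
    return detect_bursts(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for proc, ts, count in run_sample():
        print(f"ALERT {proc}: {count} signing events within window, last at {ts}")
```

A real deployment would feed it the device's exported log and baseline the threshold against normal signing activity first; the point of the sliding window is that the same ten events spread over an hour are not a burst, which the window eviction handles and a plain counter would not.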

License & Disclaimer

Released for defensive research and further study.
