Summary
This repository documents research into a zero‑click remote exploit chain affecting iOS 18.x. A malformed MP4 audio file delivered via iMessage triggers:
Heap corruption in CoreAudio (CVE‑2025‑31200) — in AudioConverterService AAC decoding.
Kernel escalation via AppleBCMWLAN/AMPDU handling (CVE‑2025‑31201) — leads to kernel code execution.
In post‑pivot testing, misuse of CryptoTokenKit signing operations was observed, invoking Secure Enclave–backed keys without interactive prompts. Apple patched the vulnerabilities in iOS 18.4.1.
Verified Behavior
CVE‑2025‑31200 (CoreAudio) — Heap corruption in AudioConverterService AAC decoder via malformed inMagicCookie. Zero-click, no user interaction required.
CVE‑2025‑31201 (AppleBCMWLAN) — Kernel privilege escalation following CoreAudio corruption. Fully reproducible on affected devices/builds.
Zero-click delivery vector — Malicious media processed by iMessage while device is locked.
Observed Post‑Compromise Behavior
Unauthorized signing: CryptoTokenKit / identityservicesd invoked signing operations from a compromised context without UI prompts (no Secure Enclave key material exported).
System instability: Media decode failures correlated with PME enforcement logs, GPU/AppleDCP link errors, mediaplaybackd variant‑switch loops and occasional launchd/SoC stalls.
Propagation conditions: Peer token reuse across AWDL observed; potential cross-device risk if token caches survive.
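The post-compromise behaviour listed above surfaces in the unified log as bursts of the same message from one daemon: repeated signing activity from identityservicesd or ctkd, and mediaplaybackd variant-switch loops. The following Python is an added example, not part of this repository or of any Apple tooling; it reads `log show`-style lines and flags any watched process that repeats a normalized message at least a threshold number of times inside a sliding time window. The sample lines are constructed for the example (the process names come from the advisory, the message texts are invented), the watched set and thresholds are policy choices, and lines are assumed to arrive in time order.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Tuple

# Constructed sample in the layout `log show` prints by default
# (timestamp thread type activity pid ttl process: message).
# Message texts are invented for this example, NOT captured device output.
SAMPLE_LOG = """\
2025-04-12 10:15:00.000000+0000 0x1a2b Default 0x0 450 0 mediaplaybackd: variant switch requested for item 7
2025-04-12 10:15:01.000000+0000 0x1a2b Default 0x0 450 0 mediaplaybackd: variant switch requested for item 8
2025-04-12 10:15:02.000000+0000 0x1a2b Default 0x0 450 0 mediaplaybackd: variant switch requested for item 7
2025-04-12 10:15:03.000000+0000 0x1a2b Default 0x0 450 0 mediaplaybackd: variant switch requested for item 8
2025-04-12 10:15:04.000000+0000 0x1a2b Default 0x0 450 0 mediaplaybackd: variant switch requested for item 7
2025-04-12 10:15:05.000000+0000 0x1a2b Default 0x0 450 0 mediaplaybackd: variant switch requested for item 8
2025-04-12 10:15:10.000000+0000 0x2c3d Default 0x0 88 0 identityservicesd: signing request completed, handle 0x1f
2025-04-12 10:15:12.000000+0000 0x3e4f Default 0x0 61 0 ctkd: token session opened
2025-04-12 10:15:13.000000+0000 0x0 Default 0x0 0 0 kernel: AppleDCP link error 3
2025-04-12 10:15:20.000000+0000 0x2c3d Default 0x0 88 0 identityservicesd: signing request completed, handle 0x20
2025-04-12 10:15:30.000000+0000 0x2c3d Default 0x0 88 0 identityservicesd: signing request completed, handle 0x21
2025-04-12 10:15:31.000000+0000 0x3e4f Default 0x0 61 0 ctkd: token session opened
2025-04-12 10:15:40.000000+0000 0x2c3d Default 0x0 88 0 identityservicesd: signing request completed, handle 0x22
2025-04-12 10:15:50.000000+0000 0x2c3d Default 0x0 88 0 identityservicesd: signing request completed, handle 0x23
this line has no recognisable structure and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{6}[+-]\d{4}) "
    r"\S+ \S+ \S+ \d+ \d+ (?P<proc>[^:\s]+): (?P<msg>.*)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M:%S.%f%z"

# Daemons named in the advisory's post-compromise observations. The set you
# watch is a policy choice (assumption for this example); extend it to taste.
WATCHED = {"ctkd", "identityservicesd", "mediaplaybackd"}


@dataclass
class LogEvent:
    ts: datetime
    proc: str
    msg: str


def parse_line(line: str) -> Optional[LogEvent]:
    """Parse one `log show`-style line; return None for anything that does not fit."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return LogEvent(datetime.strptime(m["ts"], TS_FORMAT), m["proc"], m["msg"])


def normalize(msg: str) -> str:
    """Collapse hex handles and decimal counters so a loop whose IDs change
    between iterations still counts as the same repeated message."""
    return re.sub(r"0x[0-9a-fA-F]+|\d+", "#", msg)


def find_bursts(lines, window_seconds: int = 60, threshold: int = 5) -> List[Tuple[str, str, int]]:
    """Return (process, normalized message, peak count) for every watched process
    that emits the same normalized message `threshold` or more times within
    `window_seconds`. Lines are assumed to be in chronological order."""
    window = timedelta(seconds=window_seconds)
    recent: Dict[Tuple[str, str], Deque[datetime]] = defaultdict(deque)
    peaks: Dict[Tuple[str, str], int] = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev.proc not in WATCHED:
            continue
        key = (ev.proc, normalize(ev.msg))
        q = recent[key]
        q.append(ev.ts)
        while q and ev.ts - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return [(proc, msg, count) for (proc, msg), count in sorted(peaks.items())]


if __name__ == "__main__":
    for proc, msg, count in find_bursts(SAMPLE_LOG.splitlines()):
        print(f"{proc}: {count}x within window: {msg}")
```

Run against a `log show --style default` export, the same logic flags the two loops in the sample (six mediaplaybackd variant switches in five seconds, five identityservicesd signing completions in forty) while ignoring the kernel lines, which are not in the watched set. Tune the window and threshold against a clean baseline from the same device before alerting on them.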
Scope of Impact
Affected: iOS ≤ 18.4
Patched: iOS 18.4.1 (Apr 16, 2025) — fixes CVE‑2025‑31200, CVE‑2025‑31201
Vector: Zero‑click iMessage/SMS from known sender (bypasses BlastDoor/Blackhole)
Primary component: AudioConverterService (CoreAudio AAC decoder) → heap corruption (CVE‑2025‑31200)
Chained component: AppleBCMWLAN.dext — AMPDU handling → kernel escalation (CVE‑2025‑31201)
Privileges required: None (initial); kernel achieved post‑chain
Impact summary: Integrity (unauthorized signing, token/device impersonation) + Availability (system stalls); Confidentiality — no key export
Disclosure Timeline
Reported to Apple: Dec 20, 2024
Re-Reported to Apple & US‑CERT: Jan 21, 2025 (Tracking ID: VRF#25-01-MPVDT)
Shared with Google Project Zero / Research Team: Apr 11, 2025
Patched by Apple: Apr 16, 2025 (iOS 18.4.1)
CVE assignments: CVE‑2025‑31200 and CVE‑2025‑31201
Impact Statement
An attacker triggering this chain remotely can achieve:
Kernel-level compromise
Runtime co-opting of Secure Enclave signing primitives
Impersonation of device identities
Forgery of identity-bound tokens
Severity: Critical (CVSS 3.1 chain-aware 10.0)
Operational risk: High; cross-device compromise potential and post-patch token persistence possible.
Recommendations
Enforce BlastDoor / attachment inspection for all messages; do not bypass based on sender metadata.
Apply rigorous input validation for decoder parameters (e.g., inMagicCookie/codec metadata).
Implement runtime attestation for CryptoTokenKit / Secure Enclave signing operations to verify caller integrity and entitlements.
Harden wireless driver surfaces and IOKit entrypoints against malformed kernel data.
Monitor system logs for repeated ctkd / identityservicesd anomalies that may indicate residual propagation attempts.
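The second recommendation asks decoders to validate codec metadata such as inMagicCookie before acting on it. As an added example that is not part of this repository and not Apple's code, the following Python parses an AAC AudioSpecificConfig as defined in ISO/IEC 14496-3; that this structure is what the AAC magic cookie carries is an assumption stated here, since the advisory does not describe the cookie's layout. Every field is read through a bounds-checked bit reader, and any value the parser does not fully understand (reserved sampling index, channel configuration 0, unsupported object type, set extension flag, trailing truncation) is rejected rather than guessed at. The size limit and rate bounds are illustrative policy values, not values from any Apple component.

```python
from typing import Dict, Optional

# ISO/IEC 14496-3 samplingFrequencyIndex table; 13 and 14 are reserved, 15 is
# the escape value that is followed by an explicit 24-bit rate.
SAMPLING_RATES = {0: 96000, 1: 88200, 2: 64000, 3: 48000, 4: 44100, 5: 32000,
                  6: 24000, 7: 22050, 8: 16000, 9: 12000, 10: 11025, 11: 8000, 12: 7350}
# channelConfiguration -> output channel count for the classic configurations.
CHANNEL_COUNTS = {1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 6: 6, 7: 8}
# Object types whose config is the plain GASpecificConfig (Main, LC, SSR, LTP).
GA_OBJECT_TYPES = {1, 2, 3, 4}
# Policy limits chosen for this example, not taken from any Apple component.
MAX_COOKIE_BYTES = 64
MIN_RATE, MAX_RATE = 7350, 96000


class BitReader:
    """MSB-first bit reader that refuses to read past the end of its buffer."""

    def __init__(self, data: bytes):
        self.data = data
        self.pos = 0  # current bit offset

    def remaining(self) -> int:
        return len(self.data) * 8 - self.pos

    def read(self, n: int) -> int:
        if n > self.remaining():
            raise ValueError(f"truncated cookie: need {n} bits at bit {self.pos}, "
                             f"only {self.remaining()} left")
        value = 0
        for _ in range(n):
            bit = (self.data[self.pos >> 3] >> (7 - (self.pos & 7))) & 1
            value = (value << 1) | bit
            self.pos += 1
        return value


def validate_magic_cookie(cookie: bytes) -> Dict[str, Optional[int]]:
    """Parse an AudioSpecificConfig and return its fields, or raise ValueError.

    Anything the parser does not fully understand is rejected, so a decoder
    using the result never sizes a buffer from an unchecked field.
    """
    if not cookie:
        raise ValueError("empty cookie")
    if len(cookie) > MAX_COOKIE_BYTES:
        raise ValueError(f"cookie of {len(cookie)} bytes exceeds policy limit")
    br = BitReader(cookie)

    aot = br.read(5)
    if aot == 31:                      # escape: extended audioObjectType
        aot = 32 + br.read(6)
    if aot not in GA_OBJECT_TYPES:
        raise ValueError(f"unsupported audioObjectType {aot}")

    sfi = br.read(4)
    if sfi == 15:                      # escape: explicit 24-bit sampling rate
        rate = br.read(24)
        if not MIN_RATE <= rate <= MAX_RATE:
            raise ValueError(f"explicit sampling rate {rate} out of range")
    elif sfi in SAMPLING_RATES:
        rate = SAMPLING_RATES[sfi]
    else:
        raise ValueError(f"reserved samplingFrequencyIndex {sfi}")

    chan = br.read(4)
    if chan == 0:
        raise ValueError("channelConfiguration 0 needs a program_config_element; rejected")
    if chan not in CHANNEL_COUNTS:
        raise ValueError(f"channelConfiguration {chan} not handled; rejected")

    # GASpecificConfig: frameLengthFlag, dependsOnCoreCoder(+delay), extensionFlag
    frame_length = 960 if br.read(1) else 1024
    core_coder_delay = br.read(14) if br.read(1) else None
    if br.read(1):
        raise ValueError("extensionFlag set; extension syntax not handled, rejected")

    return {
        "audio_object_type": aot,
        "sample_rate": rate,
        "channel_configuration": chan,
        "channel_count": CHANNEL_COUNTS[chan],
        "frame_length": frame_length,
        "core_coder_delay": core_coder_delay,
        "trailing_bits": br.remaining(),
    }


def rejects(cookie: bytes) -> bool:
    """True when the validator refuses the cookie."""
    try:
        validate_magic_cookie(cookie)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # 0x12 0x10 is the textbook AAC-LC, 44.1 kHz, stereo configuration.
    print(validate_magic_cookie(b"\x12\x10"))
    for bad in (b"", b"\x12", b"\x17\x80", b"\x16\x90", b"\x12\x00", b"\x28"):
        print(bad.hex() or "<empty>", "rejected:", rejects(bad))
```

The point of the shape is fail-closed parsing: the reader raises before any field is consumed out of bounds, escape values are followed to their full length, and reserved or unhandled encodings are refused instead of being mapped to a default. A decoder that derives frame and channel buffer sizes from the returned dictionary therefore only ever sees values that passed these checks.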