CVE-2025-31229: Passcode may be read aloud by VoiceOver in Apple iOS and iPadOS
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.6 and iPadOS 18.6. Passcode may be read aloud by VoiceOver.
AI Analysis
Technical Summary
CVE-2025-31229 is a critical security vulnerability affecting Apple iOS and iPadOS devices, specifically related to the VoiceOver accessibility feature. The vulnerability stems from a logic issue in the way VoiceOver handles passcode input, which could result in the passcode being read aloud. This behavior exposes sensitive authentication credentials to anyone within earshot, potentially allowing unauthorized individuals to capture the passcode without needing direct access to the device. The flaw is rooted in CWE-261 (Incorrect Control of Accessibility Features in a Security Decision), indicating improper checks or controls in the accessibility logic. The vulnerability does not require any user interaction or privileges to be exploited (AV:N/AC:L/PR:N/UI:N), making it remotely exploitable in scenarios where VoiceOver is enabled. The impact on confidentiality is high, as passcodes are critical secrets protecting device access. Additionally, the vulnerability leads to a loss of availability, since the CVSS vector indicates an impact on availability (A:H), likely due to forced lockouts or device resets triggered by exploitation attempts. Apple addressed this issue in iOS 18.6 and iPadOS 18.6 by implementing improved logic checks to prevent passcodes from being read aloud. No known exploits have been reported in the wild yet, but the high CVSS score of 9.1 underscores the urgency for affected users to update promptly. The vulnerability affects unspecified versions prior to 18.6, implying that a broad range of devices running earlier iOS/iPadOS versions are at risk. Given the widespread use of Apple mobile devices globally, this vulnerability poses a significant threat to user privacy and device security.
Potential Impact
For European organizations, this vulnerability presents a serious risk to the confidentiality of device authentication credentials, especially in environments where VoiceOver is enabled for accessibility or other reasons. If exploited, attackers could gain unauthorized access to corporate devices, potentially leading to data breaches, unauthorized access to sensitive corporate information, and lateral movement within enterprise networks. The audible disclosure of passcodes could also facilitate social engineering or physical espionage attacks in office environments or public spaces. The impact extends to availability, as exploitation might cause device lockouts or require device resets, disrupting business operations. Organizations with employees who rely on accessibility features are particularly vulnerable. Furthermore, the breach of device passcodes could undermine multi-factor authentication schemes if the passcode is used as a factor, weakening overall security postures. Given the critical severity and ease of exploitation, European enterprises must prioritize patching to prevent potential compromise and operational disruption.
Mitigation Recommendations
1. Immediate deployment of iOS 18.6 and iPadOS 18.6 updates across all Apple mobile devices within the organization to remediate the vulnerability.
2. Enforce policies to disable VoiceOver on devices where it is not required, minimizing the attack surface.
3. Educate users, especially those utilizing accessibility features, about the risks of passcode exposure and encourage vigilance in public or shared environments.
4. Implement device usage policies that restrict sensitive operations in environments where audible passcode disclosure could be overheard.
5. Monitor device logs and network activity for unusual access patterns that could indicate exploitation attempts.
6. Consider deploying Mobile Device Management (MDM) solutions to centrally manage updates and security configurations, ensuring compliance.
7. Review and strengthen multi-factor authentication mechanisms to reduce reliance on passcodes alone, mitigating the impact if passcodes are compromised.
8. Conduct regular security awareness training emphasizing the importance of securing authentication credentials and recognizing potential social engineering attempts.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: apple
- Date Reserved: 2025-03-27T16:13:58.322Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68895a29ad5a09ad0091add6
Added to database: 7/29/2025, 11:32:57 PM
Last enriched: 8/6/2025, 12:53:42 AM
Last updated: 8/27/2025, 10:35:47 PM
Related Threats
- CVE-2025-9734: Cross Site Scripting in O2OA (Medium)
- CVE-2025-9733: SQL Injection in code-projects Human Resource Integrated System (Medium)
- CVE-2025-9732: Memory Corruption in DCMTK (Medium)
- CVE-2025-9731: Hard-coded Credentials in Tenda AC9 (Low)
- CVE-2025-9730: SQL Injection in itsourcecode Apartment Management System (Medium)