Impact
An out-of-bounds read flaw was discovered in Apple's audio processing system. The vulnerability allows a crafted audio file to be played that causes the application to read beyond valid memory limits, resulting in an unexpected termination. This maps to CWE-125 and effectively allows a local denial of service by crashing the affected app. The description indicates no confirmed data exposure, only crash behavior.
Affected Systems
The issue affects Apple operating systems that precede the released fixes: iOS versions earlier than 18.4, iPadOS versions earlier than 18.4 and 17.7.6, macOS versions earlier than Sequoia 15.4, Sonoma 14.7.5, Ventura 13.7.5, tvOS earlier than 18.4, visionOS earlier than 2.4, and watchOS earlier than 11.4.
Risk and Exploitability
With a CVSS score of 9.8 the flaw is considered critical, while an EPSS score of 2% suggests a low exploitation probability and it is not listed in CISA’s KEV catalog. The most likely attack vector involves a local or network-delivered malicious audio file provided to the user or injected into media playback. Although the immediate impact is a crash, the high severity warrants urgent patching.
OpenCVE Enrichment
EUVD