Description
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A remote attacker may be able to cause unexpected app termination or heap corruption.
Published: 2025-03-31
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Heap Corruption or Application Termination
Action: Patch Immediately
AI Analysis

Impact

A memory initialization flaw in macOS can be triggered by a remote attacker, potentially leading to unexpected application termination or heap corruption. The vulnerability is classified as CWE-400, indicating uncontrolled memory allocation. There is no evidence in the official description that the flaw leads to data confidentiality breaches; damage appears limited to denial of service and instability within affected applications.

Affected Systems

Apple macOS versions prior to the security releases that provide protection (Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5) are affected. All earlier macOS iterations remain vulnerable to this issue.

Risk and Exploitability

The CVSS score of 5.5 signals a moderate severity level. The EPSS score of less than 1% reflects a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Remote attackers appear capable of delivering the exploit, although the precise conditions for triggering the memory allocation bug are not detailed in the advisory. No additional prerequisites are specified beyond the presence of a vulnerable application.

Generated by OpenCVE AI on April 28, 2026 at 11:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest macOS security updates for Sequoia 15.4, Sonoma 14.7.5, or Ventura 13.7.5 to remove the memory initialization flaw.
  • Ensure that only essential network services are running locally; disabling unnecessary apps reduces the exposure that could trigger the vulnerability.
  • Enable system monitoring or logging to detect anomalous application crashes or signs of heap corruption, providing an early warning of potential exploitation attempts.



Advisories
Source: EUVD
ID: EUVD-2025-8985
Title: A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote attacker may be able to cause unexpected app termination or heap corruption.

History

Tue, 28 Apr 2026 12:00:00 +0000

Type: Title
Values Added: macOS Memory Initialization Flaw Enabling Remote Heap Corruption or Application Termination

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote attacker may be able to cause unexpected app termination or heap corruption.
Values Added: A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A remote attacker may be able to cause unexpected app termination or heap corruption.

Mon, 03 Nov 2025 21:30:00 +0000


Mon, 07 Apr 2025 14:45:00 +0000

Type: First Time appeared
Values Added: Apple; Apple macos

Type: CPEs
Values Added: cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Apple; Apple macos

Tue, 01 Apr 2025 14:15:00 +0000

Type: Metrics

Values Removed:

cvssV3_1
{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc
{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Values Added:

cvssV3_1
{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 01 Apr 2025 04:15:00 +0000

Type: Weaknesses
Values Added: CWE-400

Type: Metrics

Values Added:

cvssV3_1
{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc
{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 31 Mar 2025 22:45:00 +0000

Type: Description
Values Added: A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote attacker may be able to cause unexpected app termination or heap corruption.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:26:28.242Z

Reserved: 2025-01-17T00:00:45.007Z

Link: CVE-2025-24235

Vulnrichment

Updated: 2025-11-03T21:09:50.204Z

NVD

Status: Modified

Published: 2025-03-31T23:15:20.770

Modified: 2026-04-02T19:19:23.890

Link: CVE-2025-24235

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T11:45:30Z

Weaknesses