Description
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination.
Published: 2025-03-31
Score: 9.8 Critical
EPSS: 2.5% Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

A buffer overflow was discovered due to insufficient bounds checking in several Apple operating systems. The flaw allows a malicious application to overwrite memory, which can cause the operating system to terminate unexpectedly. The high CVSS score of 9.8 reflects the significant potential for system instability resulting from this overflow.

Affected Systems

The affected products are Apple iOS, iPadOS, macOS, visionOS, and watchOS. Specifically, the issue is fixed in iOS 18.4, iPadOS 18.4 and iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, and watchOS 11.4.

Risk and Exploitability

The CVSS score of 9.8 is rated Critical, while the EPSS score of 2% is rated Low, meaning the estimated probability of exploitation in the wild is small. The vulnerability is not currently listed in CISA’s KEV catalog, but its high CVSS score warrants vigilant monitoring. Attackers can exploit this flaw by installing and running a crafted application on the target device, potentially causing a denial of service.

Generated by OpenCVE AI on April 28, 2026 at 11:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest OS updates that include the fix: iOS 18.4, iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, and watchOS 11.4.
  • If device updates cannot be applied immediately, restrict installation of applications to trusted sources only and consider disabling the installation of unsigned apps via device management or settings.
  • Continuously monitor device logs for unexpected termination events and apply additional security controls such as disabling unnecessary services or enabling integrity protection features until the vulnerability is fully remediated.



Advisories
Source: EUVD
ID: EUVD-2025-8967
Title: A buffer overflow was addressed with improved bounds checking. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination.
History

Tue, 28 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow Leading to Application‑Induced System Termination in Apple OSes

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description
Values Removed: A buffer overflow was addressed with improved bounds checking. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination.
Values Added: A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination.
References

Mon, 03 Nov 2025 22:30:00 +0000


Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Fri, 04 Apr 2025 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple visionos
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple visionos

Tue, 01 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description A buffer overflow was addressed with improved bounds checking. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:12:13.634Z

Reserved: 2025-01-17T00:00:45.007Z

Link: CVE-2025-24237

Vulnrichment

Updated: 2025-11-03T21:10:02.070Z

NVD

Status: Modified

Published: 2025-03-31T23:15:20.957

Modified: 2026-04-02T19:19:24.227

Link: CVE-2025-24237

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T12:00:13Z

Weaknesses