Impact
This vulnerability is a use‑after‑free bug that allows an attacker on the local network to corrupt memory belonging to a running process on Apple devices. The corrupted memory can alter program flow, potentially leading to arbitrary code execution. The weakness is identified as CWE-416.
Affected Systems
Apple iOS 18.4 and later, iPadOS 18.4 and 17.7.6 and later, macOS Sequoia 15.4 and later, macOS Sonoma 14.7.5 and later, macOS Ventura 13.7.5 and later, tvOS 18.4 and later, and visionOS 2.4 and later. Devices with earlier firmware versions remain vulnerable.
Risk and Exploitability
The CVSS base score of 8.8 indicates high severity. The EPSS score of 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog, indicating no known active exploits at this time. An attacker on the local network may exploit the flaw to corrupt memory and potentially execute code on the device.
OpenCVE Enrichment
EUVD