Impact
The vulnerability stems from flawed memory handling in macOS and can lead to a denial-of-service condition when an affected application executes the vulnerable code. The flaw is classified under CWE-400 (uncontrolled resource consumption), which covers missing resource limits or infinite loops that can exhaust system memory or cause kernel panics. An attacker can trigger it by crafting or running a malicious application, leaving the system unresponsive until it is restarted. The impact is limited to availability: the confidentiality and integrity of the affected machine are not affected.
Affected Systems
The flaw affects Apple's macOS operating system across multiple release lines. The issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7; all earlier versions of these lines are potentially vulnerable. Both desktop and server installations of the operating system are affected, and the description does not distinguish between hardware models.
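A patch-level check a defender can run against the fixed versions listed above, written here as an added example (not Apple's or OpenCVE's code). It assumes version strings in the dotted-decimal form that `sw_vers -productVersion` reports and treats any macOS line the advisory does not name as out of scope rather than as patched.

```sh
#!/bin/sh
# Minimum patched versions per release line, taken from the advisory:
#   Ventura 13.x -> 13.7.7, Sonoma 14.x -> 14.7.7, Sequoia 15.x -> 15.6

# Compare two dotted versions numerically (up to three components);
# prints -1, 0 or 1. Missing components are treated as 0, so 15.6 == 15.6.0.
version_cmp() {
    a="$1"; b="$2"
    i=1
    while [ "$i" -le 3 ]; do
        ca=$(printf '%s.0.0' "$a" | cut -d. -f"$i")
        cb=$(printf '%s.0.0' "$b" | cut -d. -f"$i")
        if [ "$ca" -lt "$cb" ]; then echo -1; return; fi
        if [ "$ca" -gt "$cb" ]; then echo 1; return; fi
        i=$((i + 1))
    done
    echo 0
}

# Exit status: 0 = at or above the fixed release for its line (patched),
# 1 = below it (vulnerable), 2 = release line not covered by the advisory.
macos_patched() {
    v="$1"
    major=$(printf '%s' "$v" | cut -d. -f1)
    case "$major" in
        13) fixed=13.7.7 ;;
        14) fixed=14.7.7 ;;
        15) fixed=15.6 ;;
        *)  return 2 ;;
    esac
    [ "$(version_cmp "$v" "$fixed")" -ge 0 ]
}

# When run on a Mac, report the status of the local host.
if command -v sw_vers >/dev/null 2>&1; then
    cur=$(sw_vers -productVersion)
    macos_patched "$cur" && echo "macOS $cur: patched" || \
        { [ $? -eq 2 ] && echo "macOS $cur: not covered by advisory"; } || \
        echo "macOS $cur: VULNERABLE, update required"
fi
```

Feed it the output of an inventory tool instead of `sw_vers` to triage a fleet: each host's version string yields patched, vulnerable, or out of scope.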
Risk and Exploitability
The CVSS score of 9.8 rates this vulnerability as critical, while the EPSS score of less than 1% indicates a very low probability of exploitation at present. The flaw is not listed in the CISA KEV catalog, so no large-scale attacks are known. Exploitation likely requires the user to run a specially crafted application, implying a local or near-local attack vector; the available data does not indicate remote exploitation. If exploited, the attacker could cause a service interruption that forces a restart of the affected machine, potentially leaving a user or service unavailable for an extended period.
OpenCVE Enrichment