Description
This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption.
Published: 2026-04-02
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Buffer Overflow
Action: Immediate Patch
AI Analysis

Impact

A flaw in the operating system's memory handling logic permits an out-of-bounds write when processing a file, resulting in memory corruption. The weakness falls in the buffer overflow category and is identified as CWE‑787 (out-of-bounds write); it can allow an attacker to run arbitrary code or crash the system.

Affected Systems

Apple iOS, iPadOS, and macOS devices running versions earlier than iOS 18.6, iPadOS 18.6, or macOS Sequoia 15.6 are affected. The patch that addresses the issue has been incorporated into those releases, so updating to the latest OS versions removes the vulnerability.

Risk and Exploitability

The base CVSS score of 8.8 places this flaw in the high severity range, indicating a significant impact if exploited. The EPSS score of less than 1% suggests that widespread exploitation is currently unlikely, and the vulnerability is not listed in CISA's KEV catalog. Based on the description, it is inferred that an attacker must deliver a crafted file to a vulnerable application, pointing to a local or application‑specific attack vector rather than remote exploitation. The CVSS vector recorded for this CVE, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, nonetheless rates the attack vector as network (AV:N) with user interaction required (UI:R).

Generated by OpenCVE AI on April 7, 2026 at 09:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest OS updates—iOS 18.6, iPadOS 18.6, or macOS Sequoia 15.6—to receive the memory‑handling patch.
  • Verify the update installation and reboot the devices to ensure the fix takes effect.
  • Monitor for abnormal application behavior or crashes that could indicate residual exploitation attempts.
  • Check Apple’s support sites for any additional guidance or updates related to this vulnerability.


Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow Vulnerability in Apple iOS, iPadOS, and macOS

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title Memory Corruption via File Processing in Apple iOS, iPadOS, and macOS
Weaknesses CWE-119

Fri, 03 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Fri, 03 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title Memory Corruption via File Processing in Apple iOS, iPadOS, and macOS
First Time appeared Apple
Apple ios And Ipados
Apple macos
Weaknesses CWE-119
CWE-787
Vendors & Products Apple
Apple ios And Ipados
Apple macos

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-03T13:00:53.495Z

Reserved: 2025-04-16T15:24:37.088Z

Link: CVE-2025-43202

Vulnrichment

Updated: 2026-04-02T19:02:11.554Z

NVD

Status: Analyzed

Published: 2026-04-02T19:20:03.913

Modified: 2026-04-03T18:00:04.027

Link: CVE-2025-43202

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:55:24Z

Weaknesses