Description
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to bypass ASLR.
Published: 2025-11-12
Score: 4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Out-of-Bounds Memory Access with ASLR Bypass
Action: Update OS
AI Analysis

Impact

This vulnerability allows a program to read memory beyond its allocated bounds. The flaw is mitigated by improved bounds checking, yet an attacker can still bypass address‑space layout randomization, potentially making further attacks easier. The impact is limited to memory disclosure and compromise of address randomization, which increases the difficulty of unrelated exploits but does not directly enable unrestricted code execution.

Affected Systems

Apple devices running iOS 18.4 or later, iPadOS 18.4 or 17.7.6 and later, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, and watchOS 11.4 and later are affected. Products are affected in the indicated firmware releases.

Risk and Exploitability

The CVSS score of 4.0 indicates moderate severity, while an EPSS score of less than 1% shows that exploitation is unlikely at present. The vulnerability is not listed in the CISA KEV catalog. Likely attack vectors involve a malicious application installed on the device; the attacker would need the app to trigger the bounds check failure to bypass ASLR.

Generated by OpenCVE AI on April 27, 2026 at 22:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest OS releases that include the bounds‑checking fix: iOS 18.4+, iPadOS 18.4/17.7.6+, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4 or later.
  • If a device cannot be updated to a fixed release, remove or block execution of applications that could trigger the out‑of‑bounds read to reduce the chance of an ASLR bypass.
  • Configure device management to enforce automatic OS updates and block installation of apps from unverified sources, limiting the opportunity for malicious exploitation.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 23:15:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Access Enabling ASLR Bypass

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description
  Removed: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in watchOS 11.4, tvOS 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be able to bypass ASLR.
  Added: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to bypass ASLR.
References

Fri, 14 Nov 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple iphone Os

Thu, 13 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787

Thu, 13 Nov 2025 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Wed, 12 Nov 2025 22:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}


Wed, 12 Nov 2025 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipados
Apple tvos
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios
Apple ipados
Apple tvos
Apple visionos
Apple watchos

Wed, 12 Nov 2025 00:45:00 +0000

Type Values Removed Values Added
Description An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in watchOS 11.4, tvOS 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be able to bypass ASLR.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:12:47.787Z

Reserved: 2025-04-16T15:24:37.088Z

Link: CVE-2025-43205

Vulnrichment

Updated: 2025-11-12T21:24:00.204Z

NVD

Status: Modified

Published: 2025-11-12T01:15:34.950

Modified: 2026-04-02T19:20:04.340

Link: CVE-2025-43205

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T23:00:13Z

Weaknesses