Description
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted texture may lead to unexpected app termination.
Published: 2025-07-29
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

A memory corruption flaw in how Apple’s operating systems parse textures can be exploited by supplying a specially crafted texture. The insufficient input validation leads directly to a crash, terminating the application that processes the texture. This type of fault falls under input validation weaknesses (CWE‑20) and, in the worst case, can be used to deny service to the affected application. The description does not indicate that an attacker gains code execution or other privileges.

Affected Systems

The vulnerability affects Apple’s major platforms: iOS and iPadOS, macOS, tvOS, visionOS, and watchOS. The problem is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, and watchOS 11.6. Systems running earlier versions of these operating systems remain susceptible.

Risk and Exploitability

The CVSS score of 9.8 signals a critical severity, yet the EPSS score of less than 1 % indicates a very low likelihood that this vulnerability is currently being exploited in the wild. The flaw is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector is local: an attacker would need to deliver a malicious texture to an application that processes textures, which could occur through a malicious app, compromised media, or a trusted app loaded with malicious data. No remote exploitation path is explicitly documented.

Generated by OpenCVE AI on April 28, 2026 at 00:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest OS updates (iOS 18.6+, iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6) to receive the fixed input‑validation logic.
  • Restrict the installation of applications to trusted sources such as the App Store, and avoid sideloading or third‑party apps that may process untrusted textures.
  • Monitor device logs for unexpected application crashes and report any anomalies to Apple support or through the relevant official channels.

Generated by OpenCVE AI on April 28, 2026 at 00:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-23126 Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing a maliciously crafted texture may lead to unexpected app termination.
History

Tue, 28 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Title Memory Corruption via Malicious Texture Causes App Termination in Multiple Apple Operating Systems

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing a maliciously crafted texture may lead to unexpected app termination. Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted texture may lead to unexpected app termination.

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Fri, 01 Aug 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple iphone Os

Wed, 30 Jul 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 30 Jul 2025 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipados
Apple macos
Apple macos Sequoia
Apple tvos
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios
Apple ipados
Apple macos
Apple macos Sequoia
Apple tvos
Apple visionos
Apple watchos

Tue, 29 Jul 2025 23:45:00 +0000

Type Values Removed Values Added
Description Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing a maliciously crafted texture may lead to unexpected app termination.
References

Subscriptions

Apple Ios Ipados Iphone Os Macos Macos Sequoia Tvos Visionos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:11:06.400Z

Reserved: 2025-04-16T15:24:37.091Z

Link: CVE-2025-43234

cve-icon Vulnrichment

Updated: 2025-11-03T20:02:19.221Z

cve-icon NVD

Status : Modified

Published: 2025-07-30T00:15:35.453

Modified: 2026-04-02T19:20:10.190

Link: CVE-2025-43234

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T01:00:10Z

Weaknesses