Description
A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to cause unexpected app termination.
Published: 2026-04-02
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Update
AI Analysis

Impact

An application crash vulnerability exists due to a type confusion bug that impacts how memory is handled. This flaw can cause unexpected termination of processes or applications when triggered by malformed or malicious input. The vulnerability leads to a denial of service, interrupting user workflow or system services without granting the attacker further access or privilege escalation.

Affected Systems

Apple macOS products are affected. The issue is present in macOS Sequoia 15.x, macOS Sonoma 14.x, and macOS Ventura 13.x versions prior to the updates listed below. The fixed releases are macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7. Systems running earlier releases should be upgraded to these patch releases to eliminate the bug.

Risk and Exploitability

With a CVSS score of 3.3 the vulnerability carries a low to moderate risk rating, and the EPSS indicates an exploit probability of less than 1 %. The vulnerability is not listed in the CISA KEV catalog, suggesting no known automated exploitation. Attackers would need to deliver or run a malicious application that triggers the type confusion, implying a local or remote application‑level vector; however, definitive evidence of a publicly available exploit is lacking. The impact is limited to denial of service via application crashes, but it does not enable code execution or data exfiltration.

Generated by OpenCVE AI on April 3, 2026 at 21:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to macOS Sequoia 15.6, macOS Sonoma 14.7.7, or macOS Ventura 13.7.7, whichever applies to your system.
  • Verify that the operating system version matches the patched releases.
  • If an immediate update is not possible, monitor for abnormal application crashes and avoid running untrusted applications until the patch is applied.

Generated by OpenCVE AI on April 3, 2026 at 21:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title macOS Type Confusion Vulnerability Leading to Application Crash

Fri, 03 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title macOS Type Confusion Vulnerability Leading to Application Crash
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to cause unexpected app termination.
Weaknesses CWE-843
References
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T19:35:30.145Z

Reserved: 2025-04-16T15:24:37.091Z

Link: CVE-2025-43236

cve-icon Vulnrichment

Updated: 2026-04-02T19:33:58.669Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-02T19:20:10.587

Modified: 2026-04-03T17:58:15.627

Link: CVE-2025-43236

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T07:55:32Z

Weaknesses