Description
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6. An app may be able to cause unexpected system termination.
Published: 2025-07-29
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch immediately
AI Analysis

Impact

An out-of-bounds write flaw has been identified in macOS, caused by inadequate bounds checking that could allow a malicious application to write outside the intended memory area. This type of memory corruption can lead to arbitrary memory damage and results in the operating system terminating unexpectedly, representing a denial‑of‑service condition. The weakness is classified as CWE‑787, reflecting a violation of proper bounds validation when accessing memory objects.

Affected Systems

Apple’s macOS platform is affected, with versions released prior to macOS Sequoia 15.6 carrying the vulnerability. The fix incorporates improved bounds checking and is available in Sequoia 15.6 and later releases, so any older macOS distribution remains at risk.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical severity, while the EPSS score of less than 1 % suggests a low predicted exploitation probability at present. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker would need to run a malicious application on the target machine to trigger the out-of-bounds write, implying a local execution requirement. The risk therefore primarily applies to environments where untrusted or elevated applications can run on macOS systems.

Generated by OpenCVE AI on April 28, 2026 at 18:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to Sequoia 15.6 or a later release that includes the improved bounds checking fix
  • Deploy the latest macOS update to all end‑points, including servers and workstations, to eliminate the out‑of‑bounds write issue
  • Where possible, use application sandboxing or restrict the execution of untrusted applications to reduce the chance of local code execution triggering the vulnerability

Generated by OpenCVE AI on April 28, 2026 at 18:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-23072 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6. An app may be able to cause unexpected system termination.
History

Tue, 28 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
Title macOS Out‑of‑Bounds Write Causes Unexpected System Termination

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Fri, 01 Aug 2025 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 30 Jul 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 30 Jul 2025 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sequoia
Vendors & Products Apple
Apple macos
Apple macos Sequoia

Wed, 30 Jul 2025 00:15:00 +0000

Type Values Removed Values Added
Description An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6. An app may be able to cause unexpected system termination.
References

Subscriptions

Apple Macos Macos Sequoia
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:22:36.067Z

Reserved: 2025-04-16T15:24:37.091Z

Link: CVE-2025-43237

cve-icon Vulnrichment

Updated: 2025-11-03T20:02:22.014Z

cve-icon NVD

Status : Modified

Published: 2025-07-30T00:15:35.677

Modified: 2025-11-03T20:18:55.580

Link: CVE-2025-43237

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T18:45:15Z

Weaknesses