Description
An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.
Published: 2026-04-02
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (Unexpected System Termination)
Action: Patch
AI Analysis

Impact

An integer overflow in macOS allows an application to trigger an unexpected system termination, effectively crashing the operating system. The overflow stems from insufficient input validation and results in a denial-of-service impact on the affected system. The vulnerability does not directly affect confidentiality or integrity, but it does impair availability for any user or process on the machine.

Affected Systems

Apple’s macOS operating system is affected in versions prior to the updates that include this fix. The issue was addressed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7, so any installation predating those releases is vulnerable.

Risk and Exploitability

The CVSS score of 6.2 places the vulnerability at medium severity, while the EPSS score of less than 1% indicates a low probability of current exploitation. It is not listed in the CISA KEV catalog. The description does not expressly state the attack vector, but it indicates that an application capable of supplying malicious input could trigger the overflow, implying a local, application-level attack. The CVSS vector recorded for this CVE (AV:L/AC:L/PR:N/UI:N) specifies local access with no privileges or user interaction required.

Generated by OpenCVE AI on April 3, 2026 at 21:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest macOS update to reach at least Sequoia 15.6, Sonoma 14.7.7, or Ventura 13.7.7.
  • Verify that the system reports the new version number after the update.
  • If the system cannot be updated immediately, limit the use of affected applications and monitor for any crash or termination events.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title Integer Overflow Causing Unexpected System Termination in macOS

Fri, 03 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow Causing Unexpected System Termination in macOS
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:54:57.007Z

Reserved: 2025-04-16T15:24:37.091Z

Link: CVE-2025-43238

Vulnrichment

Updated: 2026-04-02T18:54:50.757Z

NVD

Status: Analyzed

Published: 2026-04-02T19:20:10.870

Modified: 2026-04-03T17:57:48.087

Link: CVE-2025-43238

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-07T07:55:41Z

Weaknesses