Description
A double free issue was addressed with improved memory management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to cause unexpected system termination.
Published: 2025-10-15
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via Unexpected System Termination
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a double-free issue that, if exploited, can cause an application or the system to terminate unexpectedly. The memory-management flaw lets an attacker free the same memory block twice and then trigger a failed access. The result is a denial-of-service condition in which the device may crash or reboot. The flaw is classified as CWE-415 (Double Free).

Affected Systems

The affected products are Apple operating systems. Versions that contain the bug are iOS older than 18.6, iPadOS older than 18.6 or 17.7.9, macOS older than Sequoia 15.6, Sonoma 14.7.7, or Ventura 13.7.7, tvOS older than 18.6, visionOS older than 2.6, and watchOS older than 11.6. Devices running any of these unpatched releases are susceptible.

Risk and Exploitability

The CVSS score of 5.5 indicates medium severity, and the EPSS score of less than 1% suggests a low exploitation likelihood. The vulnerability is not listed in CISA KEV. The likely attack vector is via a malicious or compromised application that can invoke the faulty memory operation; based on the description, it is inferred that an attacker would need to either execute code in the context of the vulnerable process or supply a specially crafted payload to trigger the double free. This means the risk is primarily scoped to the local device; remote exploitation is not directly supported by the given data.

Generated by OpenCVE AI on April 27, 2026 at 23:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the publicly released updates for all affected Apple operating systems, including iOS 18.6, iPadOS 18.6/17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, and watchOS 11.6.
  • If an immediate update is not possible, restrict execution of applications that could trigger the double free by disabling unfamiliar or newly installed apps until the patch is applied.
  • After applying the update, monitor system stability and review crash logs to confirm the issue is resolved.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 00:00:00 +0000

Type: Title
Values Removed: (none)
Values Added: Double Free Leading to Unexpected System Termination Across Apple's Operating Systems

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, watchOS 11.6, tvOS 18.6, visionOS 2.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7, iPadOS 17.7.9. An app may be able to cause unexpected system termination.
Values Added: A double free issue was addressed with improved memory management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to cause unexpected system termination.

Tue, 21 Oct 2025 09:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Apple ios; Apple ipad Os; Apple macos Sequoia; Apple macos Sonoma; Apple macos Ventura; Apple tv Os; Apple watch Os

Type: Vendors & Products
Values Removed: (none)
Values Added: Apple ios; Apple ipad Os; Apple macos Sequoia; Apple macos Sonoma; Apple macos Ventura; Apple tv Os; Apple watch Os

Thu, 16 Oct 2025 17:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Apple; Apple ipados; Apple iphone Os; Apple macos; Apple tvos; Apple visionos; Apple watchos

Type: CPEs
Values Removed: (none)
Values Added:
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added: Apple; Apple ipados; Apple iphone Os; Apple macos; Apple tvos; Apple visionos; Apple watchos

Wed, 15 Oct 2025 21:15:00 +0000

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-415

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 15 Oct 2025 20:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, watchOS 11.6, tvOS 18.6, visionOS 2.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7, iPadOS 17.7.9. An app may be able to cause unexpected system termination.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:26:05.505Z

Reserved: 2025-04-16T15:24:37.101Z

Link: CVE-2025-43282

Vulnrichment

Updated: 2025-10-15T20:40:33.844Z

NVD

Status: Modified

Published: 2025-10-15T20:15:35.153

Modified: 2026-04-02T19:20:19.610

Link: CVE-2025-43282

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T23:45:15Z

Weaknesses