Description
A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. An app may be able to cause a denial-of-service.
Published: 2025-09-15
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Update
AI Analysis

Impact

The vulnerability is a type confusion bug that can lead to a denial‑of‑service, allowing an application to cause the system to become unresponsive or crash. This weakness arises from improper memory handling corrected in macOS Tahoe 26. The flaw can be triggered when an application deals with incorrectly typed objects, potentially leading to application termination or system instability.

Affected Systems

Apple's macOS operating system is impacted, specifically versions prior to macOS Tahoe 26. Users running earlier releases may be subject to the denial‑of‑service condition when dealing with obfuscated or malformed input from applications.

Risk and Exploitability

The CVSS score of 6.2 indicates moderate severity, and the EPSS score below 1% suggests low likelihood of widespread exploitation at present. The flaw is not in the CISA KEV catalog. Attack vectors are inferred to be local; an app that can execute type confusion may trigger the denial‑of‑service. Protection and timely patching reduce the risk.

Generated by OpenCVE AI on April 28, 2026 at 00:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to macOS Tahoe 26 or later releases
  • Ensure that all macOS security updates are installed
  • Avoid running untrusted applications until the update is applied

Generated by OpenCVE AI on April 28, 2026 at 00:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-29342 A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. An app may be able to cause a denial-of-service.
History

Tue, 28 Apr 2026 00:45:00 +0000

Type Values Removed Values Added
Title Type Confusion Causing Denial of Service on macOS Tahoe 26

Mon, 03 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Wed, 17 Sep 2025 13:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 17 Sep 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Tue, 16 Sep 2025 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-843
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 15 Sep 2025 22:45:00 +0000

Type Values Removed Values Added
Description A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. An app may be able to cause a denial-of-service.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:09:09.155Z

Reserved: 2025-04-16T15:24:37.103Z

Link: CVE-2025-43297

cve-icon Vulnrichment

Updated: 2025-11-03T18:10:19.844Z

cve-icon NVD

Status : Modified

Published: 2025-09-15T23:15:32.797

Modified: 2025-11-03T19:15:57.527

Link: CVE-2025-43297

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T00:30:15Z

Weaknesses