Description
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Sonoma 14.8.4, macOS Tahoe 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Published: 2025-11-04
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption and Denial of Service
Action: Immediate Patch
AI Analysis

Impact

An out‑of‑bounds memory access flaw exists within the media file handling path of iOS, iPadOS, and macOS. The vulnerability arises when a specially crafted media file is processed, leading to unexpected application termination or corruption of process memory. The flaw emerges from improper bounds checking and is listed as CWE‑79 in the advisory.

Affected Systems

Apple devices running iOS 26 or earlier, iPadOS 26 or earlier, macOS Sonoma 14.8.2, 14.8.4, or macOS Tahoe 26 or earlier are affected.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity impact. The EPSS score of less than 1% suggests that widespread exploitation is currently low. Based on the description, it is inferred that a maliciously crafted media file could trigger the flaw. The vulnerability is not listed in CISA KEV and delivery methods are not explicitly stated, so the attacker’s route remains unclear.

Generated by OpenCVE AI on April 28, 2026 at 10:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to the latest iOS or iPadOS version (26 or higher).
  • Upgrade macOS to Sonoma 14.8.2 or newer, or Tahoe 26 or newer.
  • If an update cannot be applied immediately, disable automatic media downloads or remove external media sources to limit exposure.

Generated by OpenCVE AI on April 28, 2026 at 10:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 10:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Memory Access in Media File Handling Causing Crash or Corruption

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26, macOS Sonoma 14.8.2. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Sonoma 14.8.4, macOS Tahoe 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
References

Wed, 17 Dec 2025 21:30:00 +0000

Type Values Removed Values Added
References

Wed, 17 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.2, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26, macOS Sonoma 14.8.2. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
References

Tue, 04 Nov 2025 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple iphone Os

Tue, 04 Nov 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipados
Apple macos
Apple macos Sonoma
Vendors & Products Apple
Apple ios
Apple ipados
Apple macos
Apple macos Sonoma

Tue, 04 Nov 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.2, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
References

Subscriptions

Apple Ios Ipados Iphone Os Macos Macos Sonoma
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:22:06.637Z

Reserved: 2025-04-16T15:24:37.110Z

Link: CVE-2025-43338

cve-icon Vulnrichment

Updated: 2025-11-04T15:13:05.263Z

cve-icon NVD

Status : Modified

Published: 2025-11-04T02:15:40.717

Modified: 2026-04-02T19:20:29.747

Link: CVE-2025-43338

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T10:30:29Z

Weaknesses