Description
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may lead to heap corruption.
Published: 2025-09-15
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Heap Corruption
Action: Patch Update
AI Analysis

Impact

The vulnerability is a bounds‑check flaw that can be triggered by a maliciously crafted string, resulting in heap corruption.

Affected Systems

All Apple macOS releases prior to macOS Sequoia 15.7, macOS Sonoma 14.8, and macOS Tahoe 26 are affected; the issue is fixed in those releases and later versions.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not listed in CISA KEV. The likely attack vector involves the processing of a maliciously crafted string by an affected component.

Generated by OpenCVE AI on April 28, 2026 at 10:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the macOS installation to at least macOS Sequoia 15.7, macOS Sonoma 14.8, or macOS Tahoe 26, which contain the enhanced bounds‑checking fix.
  • Reboot the system after the update to ensure all services load with the patched code.
  • Enable automatic macOS software updates to reduce the window of exposure for future vulnerabilities.

Generated by OpenCVE AI on April 28, 2026 at 10:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-29279 The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may lead to heap corruption.
History

Tue, 28 Apr 2026 11:00:00 +0000

Type Values Removed Values Added
Title Heap Corruption via Malicious String Processing in macOS

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. Processing a maliciously crafted string may lead to heap corruption. The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may lead to heap corruption.
References

Tue, 04 Nov 2025 02:30:00 +0000

Type Values Removed Values Added
References

Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may lead to heap corruption. The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. Processing a maliciously crafted string may lead to heap corruption.

Mon, 03 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Thu, 18 Sep 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 17 Sep 2025 14:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Wed, 17 Sep 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Apple macos Tahoe
Vendors & Products Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Apple macos Tahoe

Mon, 15 Sep 2025 22:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may lead to heap corruption.
References

Subscriptions

Apple Macos Macos Sequoia Macos Sonoma Macos Tahoe
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:25:18.683Z

Reserved: 2025-04-16T15:24:37.111Z

Link: CVE-2025-43353

cve-icon Vulnrichment

Updated: 2025-11-03T18:12:07.503Z

cve-icon NVD

Status : Modified

Published: 2025-09-15T23:15:37.180

Modified: 2026-04-02T19:20:32.173

Link: CVE-2025-43353

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T10:45:29Z

Weaknesses