Description
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory.
Published: 2025-11-21
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Kernel memory read may expose sensitive data
Action: Patch
AI Analysis

Impact

An out‑of‑bounds read was detected in kernel memory. When exploited the attacker could read protected data, potentially leading to information disclosure. The weakness arises from insufficient bounds checking prior to the read operation, as identified by CWE‑121. The same flaw persists across multiple Apple operating systems but is mitigated by applying the latest security updates.

Affected Systems

Apple operating systems including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS are affected. The flaw is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.5, visionOS 2.5, and watchOS 11.5. Versions prior to those listed remain vulnerable.

Risk and Exploitability

The CVSS score of 4.3 indicates a medium impact with a modest exploitation potential. The EPSS score is less than 1%, demonstrating a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack requires physical proximity to the target device, making the threat local. An attacker with such access could trigger the off‑by‑one read and retrieve kernel data.

Generated by OpenCVE AI on April 27, 2026 at 22:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest operating‑system updates to the affected devices (iOS 18.5, iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.5, visionOS 2.5, watchOS 11.5).
  • Restrict physical access to devices so that untrusted personnel cannot approach the target. This reduces the likelihood of a successful local exploit.
  • Enable device management controls that enforce secure boot and restrict kernel modifications, ensuring the bounds‑checking logic cannot be bypassed.
  • If an update cannot be applied immediately, isolate the device on a separate security segment and monitor for anomalous memory reads.

Generated by OpenCVE AI on April 27, 2026 at 22:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 23:15:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Kernel Read in Apple Operating Systems

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, macOS Sequoia 15.5, watchOS 11.5. An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory. An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory.
References

Wed, 26 Nov 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple iphone Os

Mon, 24 Nov 2025 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipados
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Apple macos Ventura
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios
Apple ipados
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Apple macos Ventura
Apple visionos
Apple watchos

Sun, 23 Nov 2025 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 21 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
Description An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, macOS Sequoia 15.5, watchOS 11.5. An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory.
References

Subscriptions

Apple Ios Ipados Iphone Os Macos Macos Sequoia Macos Sonoma Macos Ventura Visionos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:18:58.447Z

Reserved: 2025-04-16T15:24:37.115Z

Link: CVE-2025-43374

cve-icon Vulnrichment

Updated: 2025-11-23T11:28:30.623Z

cve-icon NVD

Status : Modified

Published: 2025-11-21T22:16:19.863

Modified: 2026-04-02T19:20:35.593

Link: CVE-2025-43374

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-27T23:00:13Z

Weaknesses