Description
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Published: 2025-11-04
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Out‑of‑bounds access that can cause application crashes or corrupt process memory
Action: Patch
AI Analysis

Impact

An out‑of‑bounds access issue was identified in the processing of media files, which was mitigated with improved bounds checking. If an attacker supplies a malformed media file, the affected application may terminate unexpectedly or its memory could become corrupted. This flaw does not directly grant code execution but can lead to instability that may be leveraged in broader attacks.

Affected Systems

Apple devices running iOS, iPadOS, macOS, tvOS, or visionOS are affected. The fix ships in iOS 18.7.2 and iOS 26.1, iPadOS 18.7.2 and iPadOS 26.1, macOS Sequoia 15.7.2 and macOS Tahoe 26.1, tvOS 26.1, and visionOS 26.1.

Risk and Exploitability

The CVSS score of 4.3 indicates medium severity, while the EPSS score of less than 1% suggests a low probability of exploitation. The issue is not currently listed in the CISA KEV catalogue, so CISA has no confirmed in-the-wild exploitation on record. The likely attack vector is a maliciously crafted media file; exploitation requires the user to process such a file, so the risk is largely limited to users who open untrusted content.

Generated by OpenCVE AI on April 28, 2026 at 22:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update all Apple operating systems to the latest available releases that include the patch (iOS 18.7.2+, iOS 26.1+, iPadOS 18.7.2+, iPadOS 26.1+, macOS Sequoia 15.7.2+, macOS Tahoe 26.1+, tvOS 26.1+, visionOS 26.1+).
  • Until the update is applied, avoid opening or playing media files from untrusted or unknown sources.
  • Configure device settings to disable or restrict automatic download of content from unknown sources, and enable system‑level media sandboxing to isolate playback or use trusted third‑party media applications that enforce stricter validation.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 23:00:00 +0000

Type: Title
Values Removed: (none)
Values Added: Out-of-Bounds Media File Processing Crash Vulnerability

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Values Added: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Wed, 17 Dec 2025 21:00:00 +0000

Type: Description
Values Removed: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Values Added: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Type: References

Wed, 05 Nov 2025 19:30:00 +0000


Wed, 05 Nov 2025 18:45:00 +0000

Type: Description
Values Removed: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.1 and iPadOS 26.1, tvOS 26.1, visionOS 26.1, macOS Sequoia 15.7.2. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Values Added: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Type: References

Tue, 04 Nov 2025 16:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Apple ios; Apple ipad Os; Apple macos Sequoia

Type: Vendors & Products
Values Removed: (none)
Values Added: Apple ios; Apple ipad Os; Apple macos Sequoia

Tue, 04 Nov 2025 16:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Apple; Apple ipados; Apple iphone Os; Apple macos; Apple tvos; Apple visionos

Type: CPEs
Values Removed: (none)
Values Added:
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added: Apple; Apple ipados; Apple iphone Os; Apple macos; Apple tvos; Apple visionos

Tue, 04 Nov 2025 15:15:00 +0000

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-125

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 04 Nov 2025 01:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 26.1 and iPadOS 26.1, tvOS 26.1, visionOS 26.1, macOS Sequoia 15.7.2. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Type: References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:13:05.942Z

Reserved: 2025-04-16T15:24:37.116Z

Link: CVE-2025-43383

Vulnrichment

Updated: 2025-11-04T14:41:32.616Z

NVD

Status: Modified

Published: 2025-11-04T02:15:45.293

Modified: 2026-04-02T19:20:37.197

Link: CVE-2025-43383

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T22:45:25Z

Weaknesses