Description
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
Published: 2025-11-04
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service and potential kernel memory corruption
Action: Patch Immediately
AI Analysis

Impact

The vulnerability is an improper memory handling flaw identified as CWE-400 in Apple operating systems. An attacker that can run a malicious application may trigger unexpected system termination or corrupt kernel memory, causing a denial-of-service. The potential for kernel memory corruption raises concerns for device stability and confidentiality, but privilege escalation is not explicitly confirmed.

Affected Systems

Apple iOS, iPadOS, macOS, tvOS, visionOS, and watchOS devices running any version prior to the 26.1 releases are affected. The flaw is fixed in iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, and watchOS 26.1.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, yet the EPSS score is below 1% and the vulnerability is not listed in CISA’s KEV catalog, implying a low current likelihood of exploitation. Nevertheless, because a malicious app can trigger the flaw, the attack vector is likely local or via malicious app distribution, and the risk remains moderate to high until patched. Organizations should treat this risk as significant and apply mitigations promptly.

Generated by OpenCVE AI on April 28, 2026 at 10:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, or watchOS 26.1 updates from Apple’s Software Update or App Store.
  • If a device cannot be updated, uninstall any recently added or suspicious applications with elevated permissions and watch for abnormal crashes.
  • After applying the update, reboot the device to ensure the new memory‑handling code is active.


Advisories

No advisories yet.

History

Tue, 28 Apr 2026 11:00:00 +0000

Type: Title
Values Added: Improper Memory Handling Leading to System Termination and Kernel Corruption

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
Values Added: The issue was addressed with improved memory handling. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.

Fri, 27 Feb 2026 17:15:00 +0000

Type: Metrics
Values Removed: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 17 Dec 2025 21:00:00 +0000

Type: Description
Values Removed: The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1, visionOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.
Values Added: The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.

Type: References

Thu, 06 Nov 2025 09:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 05 Nov 2025 14:45:00 +0000

Type: First Time appeared
Values Added: Apple iphone Os

Type: CPEs
Values Added:
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Apple iphone Os

Tue, 04 Nov 2025 21:30:00 +0000

Type: Weaknesses
Values Added: CWE-400

Type: Metrics
Values Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Tue, 04 Nov 2025 16:45:00 +0000

Type: First Time appeared
Values Added: Apple; Apple ios; Apple ipados; Apple tvos; Apple visionos; Apple watchos

Type: Vendors & Products
Values Added: Apple; Apple ios; Apple ipados; Apple tvos; Apple visionos; Apple watchos

Tue, 04 Nov 2025 01:45:00 +0000

Type: Description
Values Added: The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1, visionOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.

Type: References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:14:24.157Z

Reserved: 2025-04-16T15:24:37.126Z

Link: CVE-2025-43462

Vulnrichment

Updated: 2025-11-04T20:44:25.967Z

NVD

Status: Modified

Published: 2025-11-04T02:15:51.510

Modified: 2026-04-02T19:20:50.350

Link: CVE-2025-43462

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T10:45:29Z

Weaknesses