Description
A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.1. Visiting a website may lead to an app denial-of-service.
Published: 2025-12-12
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

An input validation flaw in macOS causes an application to crash when a user visits a malicious or specially crafted website. The vulnerability is limited to the affected application, leading to a loss of availability for that app while leaving other system components and data intact. No evidence of data compromise or arbitrary code execution is present.

Affected Systems

The flaw affects Apple macOS products, specifically versions prior to macOS Tahoe 26.1. The issue is resolved in macOS Tahoe 26.1 and later releases.

Risk and Exploitability

The CVSS score of 6.5 reflects moderate severity, and the EPSS score of less than 1% indicates a low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. An attacker can trigger the flaw by hosting a malicious website and convincing a user on an internet‑connected device to visit it, which crashes the application and disrupts local availability.

Generated by OpenCVE AI on April 27, 2026 at 22:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to version 26.1 or later, which contains the fixed input validation.
  • If an update is not immediately available, avoid visiting untrusted or potentially malicious websites; consider disabling automatic loading of external content or enabling safe browsing mode.
  • Deploy network‑level URL filtering or browser security extensions to block known malicious URLs, reducing the chance of loading content that may trigger the denial‑of‑service.



Advisories

No advisories yet.

History

Mon, 27 Apr 2026 23:00:00 +0000

Type Values Removed Values Added
Title macOS Denial‑of‑Service via Malicious Web Content

Mon, 15 Dec 2025 22:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Sun, 14 Dec 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple; Apple macos; Apple macos Tahoe
Vendors & Products Apple; Apple macos; Apple macos Tahoe

Sat, 13 Dec 2025 23:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
Metrics cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}
Metrics ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 12 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Description A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.1. Visiting a website may lead to an app denial-of-service.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:07:38.813Z

Reserved: 2025-04-16T15:24:37.126Z

Link: CVE-2025-43464

Vulnrichment

Updated: 2025-12-13T22:33:22.654Z

NVD

Status : Analyzed

Published: 2025-12-12T21:15:54.607

Modified: 2025-12-15T22:06:54.457

Link: CVE-2025-43464

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T22:45:15Z
