Impact
A bounds‑check error in Apple operating systems causes memory corruption during file processing. The flaw arises when the system fails to enforce proper size limits, leading to incorrect memory writes. The impact is corruption of memory buffers, which can destabilize affected processes or, in severe cases, compromise system integrity if exploited carefully.
Affected Systems
The vulnerability affects all Apple iOS, iPadOS, macOS, tvOS, visionOS, and watchOS releases prior to the firmware updates that introduce improved bounds checks. The corrected versions are iOS 18.7.3 or 26.2, iPadOS 18.7.3 or 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, and watchOS 26.2. Devices running earlier builds remain vulnerable.
Risk and Exploitability
The CVSS score of 8.8 classifies the flaw as high severity, and an EPSS score of 6% indicates a moderate likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. No explicit remote execution vector is documented; exploitation would typically involve supplying a crafted or malicious file that triggers the memory‑corruption path during normal file handling, requiring the file to be processed by the affected system.
OpenCVE Enrichment