Description
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing a file may lead to memory corruption.
Published: 2025-12-12
Score: 8.8 High
EPSS: 5.7% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A bounds‑check error in Apple operating systems causes memory corruption during file processing. The flaw arises when the system fails to enforce proper size limits, leading to incorrect memory writes. The impact is corruption of memory buffers, which can destabilize affected processes or, in severe cases, compromise system integrity if exploited carefully.

Affected Systems

The vulnerability affects all Apple iOS, iPadOS, macOS, tvOS, visionOS, and watchOS releases prior to the firmware updates that introduce improved bounds checks. The corrected versions are iOS 18.7.3 or 26.2, iPadOS 18.7.3 or 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, and watchOS 26.2. Devices running earlier builds remain vulnerable.

Risk and Exploitability

The CVSS score of 8.8 classifies the flaw as high severity, and an EPSS score of 6% indicates a moderate likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. No explicit remote execution vector is documented; exploitation would typically involve supplying a crafted or malicious file that triggers the memory‑corruption path during normal file handling, requiring the file to be processed by the affected system.

Generated by OpenCVE AI on June 18, 2026 at 06:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade all Apple devices to the latest available releases (iOS 18.7.3 or 26.2, iPadOS 18.7.3 or 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2 or newer).
  • Avoid opening or executing untrusted or suspicious files until the device has been updated.
  • Perform a full system reboot after applying the update to clear any potentially corrupted memory buffers.

Generated by OpenCVE AI on June 18, 2026 at 06:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Memory corruption from improper bounds check during file processing in Apple operating systems

Tue, 16 Jun 2026 07:00:00 +0000

Type Values Removed Values Added
Title Apple OS Bounds-Check Bug Causing Memory Corruption

Mon, 27 Apr 2026 23:00:00 +0000

Type Values Removed Values Added
Title Apple OS Bounds-Check Bug Causing Memory Corruption

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing a file may lead to memory corruption. The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing a file may lead to memory corruption.

Wed, 17 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. Processing a file may lead to memory corruption. The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing a file may lead to memory corruption.
References

Tue, 16 Dec 2025 18:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Mon, 15 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 14 Dec 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Vendors & Products Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma

Fri, 12 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. Processing a file may lead to memory corruption.
References

Subscriptions

Apple Macos Macos Sequoia Macos Sonoma
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:24:53.239Z

Reserved: 2025-04-16T15:27:21.198Z

Link: CVE-2025-43539

cve-icon Vulnrichment

Updated: 2025-12-15T20:31:15.184Z

cve-icon NVD

Status : Modified

Published: 2025-12-12T21:15:57.583

Modified: 2026-06-17T09:24:13.867

Link: CVE-2025-43539

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T06:15:14Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-787

    Out-of-bounds Write