Description
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing a file may lead to memory corruption.
Published: 2025-12-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory corruption potentially enabling arbitrary code execution
Action: Immediate Patch
AI Analysis

Impact

Apple devices contain a bounds‑check bug that can corrupt memory when a file is processed. The vulnerability could allow an attacker to manipulate memory contents, potentially leading to arbitrary code execution or system instability. The weakness is classified under CWE‑119 (Buffer Overflow) and CWE‑787 (Out‑of‑Bounds Write).

Affected Systems

Affected Apple operating systems include iOS 18.7.3 and later, iOS 26.2 and later, iPadOS 18.7.3 and later, iPadOS 26.2 and later, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, and watchOS 26.2. All listed versions incorporate the mitigation for this issue.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity. The EPSS score of less than 1% suggests a low likelihood of exploitation as of the latest data. The vulnerability is not in the CISA KEV catalog. The attack vector is inferred to be local file handling, meaning a malicious or corrupted file could be introduced via user, email, or other storage media to trigger the failure. A successful exploitation chain would likely require the attacker to gain control over the target device’s input pipeline without significant additional privileges.

Generated by OpenCVE AI on April 27, 2026 at 22:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade all Apple devices to at least iOS 18.7.3, iOS 26.2, iPadOS 18.7.3, iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, or watchOS 26.2, or later versions when available.
  • Refrain from opening or executing any untrusted or suspicious files until the device has been upgraded.
  • If immediate upgrade is not possible, monitor device logs for memory corruption indicators and apply the patch as soon as it becomes available.

Generated by OpenCVE AI on April 27, 2026 at 22:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 23:00:00 +0000

Type Values Removed Values Added
Title Apple OS Bounds-Check Bug Causing Memory Corruption

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing a file may lead to memory corruption. The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing a file may lead to memory corruption.

Wed, 17 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. Processing a file may lead to memory corruption. The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing a file may lead to memory corruption.
References

Tue, 16 Dec 2025 18:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Mon, 15 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sun, 14 Dec 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Vendors & Products Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma

Fri, 12 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. Processing a file may lead to memory corruption.
References

Subscriptions

Apple Macos Macos Sequoia Macos Sonoma
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:24:53.239Z

Reserved: 2025-04-16T15:27:21.198Z

Link: CVE-2025-43539

cve-icon Vulnrichment

Updated: 2025-12-15T20:31:15.184Z

cve-icon NVD

Status : Modified

Published: 2025-12-12T21:15:57.583

Modified: 2026-04-02T19:21:01.847

Link: CVE-2025-43539

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-27T22:45:15Z

Weaknesses