Description
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing a file may lead to memory corruption.
Published: 2025-12-12
Score: 8.8 High
EPSS: 5.7% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Apple operating systems contain a bounds-check bug that can corrupt memory when a file is processed. The flaw may allow an attacker to manipulate memory contents, potentially leading to arbitrary code execution or system instability. The weakness is classified under CWE-119 and CWE-787; the code-execution impact is inferred from the memory corruption behavior.

Affected Systems

Versions of iOS, iPadOS, macOS, tvOS, visionOS, and watchOS earlier than the fixed releases (iOS 18.7.3 or 26.2, iPadOS 18.7.3 or 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, and watchOS 26.2) are vulnerable. All releases that include the improved bounds checks are considered secure.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity. An EPSS score of 6% suggests a moderate likelihood that this bug will be exploited. The vulnerability is not listed in the CISA KEV catalog. Likely exploitation would involve local file handling, where a malicious or corrupted file supplied by an attacker can trigger the memory corruption. The impact would depend on the context, but full exploitation would require an attacker to influence the file input pathway without additional privileges.

Generated by OpenCVE AI on June 16, 2026 at 06:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade all Apple devices to the latest supported releases (iOS 18.7.3 or 26.2, iPadOS 18.7.3 or 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2 or later).
  • Avoid opening or executing untrusted or suspicious files until the device has been upgraded.
  • Monitor system logs for signs of memory corruption and apply the patch as soon as it becomes available.


Advisories

No advisories yet.

History

Tue, 16 Jun 2026 07:00:00 +0000

Type Values Removed Values Added
Title Apple OS Bounds-Check Bug Causing Memory Corruption

Mon, 27 Apr 2026 23:00:00 +0000

Type Values Removed Values Added
Title Apple OS Bounds-Check Bug Causing Memory Corruption

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing a file may lead to memory corruption.
Values Added: The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing a file may lead to memory corruption.

Wed, 17 Dec 2025 21:00:00 +0000

Type: Description
Values Removed: The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. Processing a file may lead to memory corruption.
Values Added: The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. Processing a file may lead to memory corruption.
References

Tue, 16 Dec 2025 18:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Mon, 15 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 14 Dec 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Vendors & Products Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma

Fri, 12 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. Processing a file may lead to memory corruption.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:24:53.239Z

Reserved: 2025-04-16T15:27:21.198Z

Link: CVE-2025-43539

Vulnrichment

Updated: 2025-12-15T20:31:15.184Z

NVD

Status: Modified

Published: 2025-12-12T21:15:57.583

Modified: 2026-04-02T19:21:01.847

Link: CVE-2025-43539

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-16T06:45:16Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-787

    Out-of-bounds Write