Description
An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. An app may be able to gain root privileges.
Published: 2025-12-12
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Root Privilege Escalation
Action: Patch Now
AI Analysis

Impact

An integer overflow occurs when 32‑bit timestamps are handled in Core OS. The fault was corrected by switching to 64‑bit timestamps. The overflow can allow an application to write beyond expected bounds, potentially elevating its privileges to root and enabling arbitrary code execution with system-level authority. The flaw essentially permits an attacker who can run code on the affected device to gain control over the entire operating system.

Affected Systems

Apple iOS, iPadOS, macOS, tvOS, visionOS, and watchOS are affected. The issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2, iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, and watchOS 26.2. Devices running any earlier firmware are vulnerable.

Risk and Exploitability

The CVSS base score of 7.8 places the issue in the High severity band. The EPSS score is below 1%, implying that predicted real‑world exploitation is very low. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that a local attacker must be able to install or run a malicious application on the device. Consequently, the attack vector is local code execution, and only devices with the vulnerable timestamp handling paths can be impacted. No network‑based or remote exploitation is described.

Generated by OpenCVE AI on April 27, 2026 at 22:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to the latest OS release that includes the fix (iOS 18.7.3, iPadOS 18.7.3, macOS Sequoia 15.7.3, etc.).
  • Disable or restrict the installation of third‑party applications until the patch has been applied by turning off the App Store or applying an MDM profile that blocks app installation.
  • Enable and monitor security features such as Gatekeeper or Runtime Protection to detect and block anomalous privilege‑escalation attempts.


Advisories

No advisories yet.

History

Mon, 27 Apr 2026 23:00:00 +0000

Type: Title
Values Added: Integer Overflow in Core OS Timestamps Enabling Root Privilege Escalation

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. An app may be able to gain root privileges.
Values Added: An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. An app may be able to gain root privileges.

Wed, 17 Dec 2025 21:00:00 +0000

Type: Description
Values Removed: An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to gain root privileges.
Values Added: An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. An app may be able to gain root privileges.

Type: References

Mon, 15 Dec 2025 22:00:00 +0000

Type: CPEs
Values Added: cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Mon, 15 Dec 2025 14:15:00 +0000

Type: Weaknesses
Values Added: CWE-190

Type: Metrics
Values Added:
cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 14 Dec 2025 21:30:00 +0000

Type: First Time appeared
Values Added: Apple; Apple macos; Apple macos Sequoia; Apple macos Sonoma

Type: Vendors & Products
Values Added: Apple; Apple macos; Apple macos Sequoia; Apple macos Sonoma

Fri, 12 Dec 2025 21:15:00 +0000

Type: Description
Values Added: An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to gain root privileges.

Type: References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:17:08.230Z

Reserved: 2025-04-22T21:13:49.958Z

Link: CVE-2025-46285

Vulnrichment

Updated: 2025-12-15T13:42:49.595Z

NVD

Status: Modified

Published: 2025-12-12T21:15:57.863

Modified: 2026-04-02T19:21:03.493

Link: CVE-2025-46285

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T22:45:15Z

Weaknesses