Description
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.
Published: 2026-02-11
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

The vulnerability results from an insufficient bounds check when processing input from HID devices. A malicious HID device could trigger an unexpected process crash, creating a denial-of-service condition that affects the stability and availability of the affected services or applications. This weakness is classified as CWE-119, improper restriction of operations within the bounds of a memory buffer (an out-of-bounds access issue).

Affected Systems

Apple's releases list the flaw as fixed in iOS 18.7.5 and iOS 26.2, iPadOS 18.7.5 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, and watchOS 26.2. All of the named operating systems are impacted until they are updated to these versions.

Risk and Exploitability

The CVSS score of 5.7 indicates medium severity. The EPSS score of less than 1% indicates a very low estimated probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog, so there is no documented exploitation in the wild. Because the flaw is triggered by a malicious HID device, the most likely attack scenario involves physically attaching the device or otherwise controlling it before the update is applied.

Generated by OpenCVE AI on April 22, 2026 at 20:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest OS update for the relevant Apple product: iOS 18.7.5 or 26.2 for iPhone and iPad; macOS Sequoia 15.7.4, Sonoma 14.8.4, or Tahoe 26.2 for Macs; tvOS, visionOS, and watchOS 26.2 for their respective devices.
  • Until the update is installed, disconnect any untrusted or unfamiliar HID peripherals and avoid connecting new devices.
  • Enable device filtering or use existing macOS or iOS enterprise controls to restrict the types of HID devices that can pair or connect to the system, and monitor for any unexpected HID device activity.



Advisories

No advisories yet.

History

Wed, 22 Apr 2026 20:30:00 +0000

Type: Title
Values Added: HID Device Crash Vulnerability in Apple Operating Systems

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.
Values Added: The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.

Type: References

Fri, 13 Feb 2026 19:15:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}
Values Added: cvssV3_1 {'score': 5.7, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


Fri, 13 Feb 2026 15:00:00 +0000

Type: First Time appeared
Values Added: Apple ipados; Apple iphone Os

Type: CPEs
Values Added:
  cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
  cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Apple ipados; Apple iphone Os

Thu, 12 Feb 2026 18:15:00 +0000

Type: Weaknesses
Values Added: CWE-119

Type: Metrics
Values Added:
  cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}
  ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Feb 2026 09:45:00 +0000

Type: First Time appeared
Values Added: Apple; Apple ios And Ipados; Apple macos

Type: Vendors & Products
Values Added: Apple; Apple ios And Ipados; Apple macos

Wed, 11 Feb 2026 23:15:00 +0000

Type: Description
Values Added: The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.

Type: References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:18:08.532Z

Reserved: 2025-04-22T21:13:49.960Z

Link: CVE-2025-46300

Vulnrichment

Updated: 2026-02-12T16:50:50.387Z

NVD

Status : Modified

Published: 2026-02-11T23:16:02.527

Modified: 2026-04-02T19:21:05.337

Link: CVE-2025-46300

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T20:15:20Z

Weaknesses