Description
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.
Published: 2026-02-11
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A malicious Human Interface Device (HID) can cause an unexpected application or process crash because of insufficient bounds checking. The vendor addressed the issue with improved bounds checks; based on the description, it is inferred that the original checks were inadequate. The flaw can cause a denial of service by terminating or destabilizing software components. The vulnerability represents a classic input validation weakness (CWE-400) that can be exploited by supplying crafted HID input to an otherwise untrusted interface.

Affected Systems

Apple clients running iOS 18.7.5 or later, iPadOS 18.7.5 or later, macOS Sequoia 15.7.4 or later, macOS Sonoma 14.8.4 or later, macOS Tahoe 26.2 or later, tvOS 26.2, visionOS 26.2, and watchOS 26.2 are covered by the fix. The issue is tied to the operating systems listed, and no specific application or device subset is singled out beyond the distinct Apple platforms.

Risk and Exploitability

The CVSS score of 5.7 indicates moderate risk. EPSS shows a probability of less than 1%, suggesting a low likelihood of exploitation in the wild. The flaw is not currently listed in CISA’s KEV catalog. Based on the description, the likely attack vector involves an attacker physically connecting a malicious HID to the target device or remotely manipulating an already connected HID device. No additional conditions are reported, so the vulnerability appears independent of user privileges and observable through normal device operation.

Generated by OpenCVE AI on April 27, 2026 at 21:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device’s operating system to the latest supported releases (iOS 18.7.5 or newer, iPadOS 18.7.5 or newer, macOS Sequoia 15.7.4 or newer, macOS Sonoma 14.8.4 or newer, macOS Tahoe 26.2 or newer, tvOS 26.2 or newer, visionOS 26.2 or newer, or watchOS 26.2 or newer).
  • When updating, reinstall or reconnect any peripheral devices to ensure they are compatible with the patched OS.
  • Avoid connecting unknown or untrusted HID devices; restrict or monitor USB and Bluetooth HID connections to reduce exposure to malformed input.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
  Values Removed: The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.
  Values Added: The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.
Type: References

Fri, 13 Feb 2026 20:15:00 +0000

Type: Metrics
  Values Removed: cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}
  Values Added: cvssV3_1 {'score': 5.7, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


Fri, 13 Feb 2026 16:00:00 +0000

Type: First Time appeared
  Values Added: Apple ipados; Apple iphone Os
Type: CPEs
  Values Added:
    cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Type: Vendors & Products
  Values Added: Apple ipados; Apple iphone Os

Thu, 12 Feb 2026 16:15:00 +0000

Type: Weaknesses
  Values Added: CWE-400
Type: Metrics
  Values Added:
    cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}
    ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Feb 2026 09:45:00 +0000

Type: First Time appeared
  Values Added: Apple; Apple ios And Ipados; Apple macos
Type: Vendors & Products
  Values Added: Apple; Apple ios And Ipados; Apple macos

Wed, 11 Feb 2026 23:15:00 +0000

Type: Description
  Values Added: The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4. A malicious HID device may cause an unexpected process crash.
Type: References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-07T14:34:15.886Z

Reserved: 2025-04-22T21:13:49.960Z

Link: CVE-2025-46304

Vulnrichment

Updated: 2026-02-12T15:40:42.480Z

NVD

Status: Modified

Published: 2026-02-11T23:16:02.930

Modified: 2026-04-02T19:21:06.087

Link: CVE-2025-46304

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T21:15:05Z

Weaknesses