Description
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to crash a system process.
Published: 2026-02-11
Score: 4.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (system process crash)
Action: Immediate Patch
AI Analysis

Impact

The vulnerability arises from improper memory handling that allows a malicious application to crash a system process, resulting in a denial‑of‑service condition. The flaw pertains to buffer boundaries, aligning with CWE‑119. No evidence suggests that the flaw leads to remote code execution or data compromise—its primary effect is to interrupt operating system services.

Affected Systems

Apple’s iOS, iPadOS, and macOS running any firmware version earlier than iOS 18.7.5, iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, or macOS Tahoe 26.3. Devices must be on these or later releases to be protected.

Risk and Exploitability

The CVSS score of 4.6 indicates moderate severity, while the EPSS score of less than 1% shows a very low probability of exploitation in the short term. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is local; a user or an application installed on the device needs to execute code that triggers the memory bug, which then crashes a system process. The exploit does not appear to provide elevated privilege or data theft.

Generated by OpenCVE AI on April 15, 2026 at 20:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to iOS 18.7.5 or iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, or macOS Tahoe 26.3, which contain the memory‑handling fix.
  • Reboot the device after the update to ensure all system processes start with the corrected code.
  • Keep the device’s operating system up‑to‑date by enabling automatic updates or regularly checking for new releases.

Generated by OpenCVE AI on April 15, 2026 at 20:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Title Application Crash via Improper Memory Handling

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to crash a system process. The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to crash a system process.

Fri, 13 Feb 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Thu, 12 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 4.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Feb 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Vendors & Products Apple
Apple ios And Ipados
Apple macos

Wed, 11 Feb 2026 23:15:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to crash a system process.
References

Subscriptions

Apple Ios And Ipados Ipados Iphone Os Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:26:22.439Z

Reserved: 2025-11-11T14:43:07.857Z

Link: CVE-2026-20605

cve-icon Vulnrichment

Updated: 2026-02-12T17:48:27.247Z

cve-icon NVD

Status : Modified

Published: 2026-02-11T23:16:04.210

Modified: 2026-04-02T19:21:08.497

Link: CVE-2026-20605

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T21:00:09Z

Weaknesses