Description
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.
Published: 2026-02-11
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises from incorrect memory handling during image processing on Apple operating systems: processing a crafted image can expose portions of process memory and potentially reveal sensitive data. This fault aligns with improper memory management and results in information disclosure.

Affected Systems

Apple devices running iOS, iPadOS, macOS, tvOS, visionOS, or watchOS are affected when they are not updated to the versions specified in the advisory. The fix is available in iOS 18.7.5 and 26.3, iPadOS 18.7.5 and 26.3, macOS Sequoia 15.7.4, Sonoma 14.8.4, Tahoe 26.3, tvOS 26.3, visionOS 26.3, and watchOS 26.3.

Risk and Exploitability

The CVSS base score of 5.5 indicates moderate severity. EPSS is below 1%, meaning the chance of exploitation is low. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to deliver a malicious image to the target device, likely through software that accepts image input or via a compromised app. Based on the description, the attack vector is inferred to be remote or local through unsolicited image content.

Generated by OpenCVE AI on April 16, 2026 at 00:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade all affected Apple devices to the patched releases: iOS 18.7.5/26.3, iPadOS 18.7.5/26.3, macOS Sequoia 15.7.4, Sonoma 14.8.4, Tahoe 26.3, tvOS 26.3, visionOS 26.3, and watchOS 26.3.
  • If an update cannot be applied immediately, restrict the processing of untrusted images on the device, for example by disabling features that allow arbitrary image rendering from unknown sources or by using content filters.
  • Maintain regular monitoring of security advisories from Apple and apply future updates promptly to mitigate similar memory handling issues.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 01:15:00 +0000

Type: Title
Values Removed: (none)
Values Added: Memory Disclosure via Malicious Image Processing on Apple Platforms

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.
Values Added: The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.

Fri, 13 Feb 2026 20:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
  • Apple ipados
  • Apple iphone Os

Type: Weaknesses
Values Removed: (none)
Values Added: NVD-CWE-noinfo

Type: CPEs
Values Removed: (none)
Values Added:
  • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added:
  • Apple ipados
  • Apple iphone Os

Thu, 12 Feb 2026 22:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Feb 2026 09:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
  • Apple
  • Apple ios And Ipados
  • Apple macos
  • Apple tvos
  • Apple visionos
  • Apple watchos

Type: Vendors & Products
Values Removed: (none)
Values Added:
  • Apple
  • Apple ios And Ipados
  • Apple macos
  • Apple tvos
  • Apple visionos
  • Apple watchos

Wed, 11 Feb 2026 23:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.

References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:17:57.472Z

Reserved: 2025-11-11T14:43:07.861Z

Link: CVE-2026-20634

Vulnrichment

Updated: 2026-02-12T21:21:25.891Z

NVD

Status: Modified

Published: 2026-02-11T23:16:06.610

Modified: 2026-04-02T19:21:13.567

Link: CVE-2026-20634

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T01:00:19Z

Weaknesses