CVE-2026-20687 - Vulnerability Details

- Use‑After‑Free Leading to Kernel Memory Write and System Termination in Apple Operating Systems

Description

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or write kernel memory.

Published: 2026-03-25

Score: 7.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a use‑after‑free flaw discovered in Apple operating systems. Application code can free an object that the still holds references to, after which the freed memory is reused. A malicious app that triggers this condition can write arbitrary data to kernel memory and can cause the system to terminate unexpectedly. The flaw is classified as CWE‑416 and presents a risk of kernel memory corruption.

Affected Systems

The issue affects various Apple platforms. On iOS and iPadOS, devices running any release prior to iOS 18.7.7 or iPadOS 18.7.7, and prior to iOS 26.4 or iPadOS 26.4, are vulnerable. macOS is affected on Sequoia 15.7.5 and Tahoe 26.4 releases and earlier. The same applies to tvOS 26.4 and watchOS 26.4. The problem was addressed and fixed in the listed releases, and higher‑version updates are recommended.

Risk and Exploitability

The CVSS score of 7.1 indicates a high impact vulnerability. The EPSS score of less than 1 % indicates low probability of exploitation in the wild. It is not listed in CISA's KEV catalog, suggesting no widespread exploitation has been reported. The likely attack vector is local; a malicious application that runs on the device can exploit the use‑after‑free to corrupt kernel memory, potentially causing a crash or creating a foothold for more severe damage. This inference is based on the nature of the flaw described.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apple

iOS and iPadOS

affected

Version	Status	Constraints
`0`	affected	< 18.7.7
`0`	affected	< 26.4

Apple

macOS

affected

Version	Status	Constraints
`0`	affected	< 15.7.5
`0`	affected	< 26.4

Apple

tvOS

affected

Version	Status	Constraints
`0`	affected	< 26.4

Apple

watchOS

affected

Version	Status	Constraints
`0`	affected	< 26.4

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

Vendor Product Confidence Versions

Apple

Ios And Ipados

100%

Version	Status	Scheme	Platform
`[0,18.7.7)`	affected	semver	—
`[0,26.4)`	affected	semver	—

Apple

Macos

100%

Version	Status	Scheme	Platform
`[0,15.7.5)`	affected	semver	—
`[0,26.4)`	affected	semver	—

Apple

Tvos

100%

Version	Status	Scheme	Platform
`[0,26.4)`	affected	semver	—

Apple

Watchos

100%

Version	Status	Scheme	Platform
`[0,26.4)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the device to the latest supported firmware versions listed by Apple, including iOS 18.7.7 or 26.4, macOS Sequoia 15.7.5 or Tahoe 26.4, tvOS 26.4, and watchOS 26.4.
Avoid installing or running untrusted third‑party applications until the update is applied.
Check Apple support for any additional patches or advisories.

Generated by OpenCVE AI on March 25, 2026 at 22:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00012.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://support.apple.com/en-us/126792
https://support.apple.com/en-us/126793
https://support.apple.com/en-us/126794
https://support.apple.com/en-us/126795
https://support.apple.com/en-us/126797
https://support.apple.com/en-us/126798

History

Thu, 26 Mar 2026 12:30:00 +0000

Type	Values Removed	Values Added
Title	Use‑After‑Free Leading to Kernel Memory Corruption and System Termination	Use‑After‑Free Leading to Kernel Memory Write and System Termination in Apple Operating Systems

Wed, 25 Mar 2026 22:00:00 +0000

Type	Values Removed	Values Added
Title		Use‑After‑Free Leading to Kernel Memory Corruption and System Termination

Wed, 25 Mar 2026 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple ipados Apple iphone Os
CPEs		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:tvos:::::::: cpe:2.3:o:apple:watchos::::::::
Vendors & Products		Apple ipados Apple iphone Os

Wed, 25 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 25 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ios And Ipados Apple macos Apple tvos Apple watchos
Vendors & Products		Apple Apple ios And Ipados Apple macos Apple tvos Apple watchos

Wed, 25 Mar 2026 01:00:00 +0000

Type	Values Removed	Values Added
Description		A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or write kernel memory.
References		https://support.apple.com/en-us/126792 https://support.apple.com/en-us/126793 https://support.apple.com/en-us/126794 https://support.apple.com/en-us/126795 https://support.apple.com/en-us/126797 https://support.apple.com/en-us/126798

Subscriptions

Apple Ios And Ipados Ipados Iphone Os Macos Tvos Watchos

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2026-03-25T00:35:38.526Z

Updated: 2026-04-02T18:26:47.511Z

Reserved: 2025-11-11T14:43:07.873Z

Link: CVE-2026-20687

Vulnrichment

Updated: 2026-03-25T17:57:26.898Z

NVD

Status : Analyzed

Published: 2026-03-25T01:17:05.587

Modified: 2026-03-25T20:07:15.087

Link: CVE-2026-20687

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-26T12:17:40Z

Weaknesses

CWE-416

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object