Impact
An out-of-bounds write vulnerability was identified in Apple operating systems. The flaw allows an application to overwrite memory beyond intended limits, enabling arbitrary execution of code with kernel privileges. This vulnerability, classified as CWE-787, could compromise confidentiality, integrity, and availability by allowing attackers to run privileged code.
Affected Systems
The affected products are Apple operating systems, specifically iOS, iPadOS, and macOS. The advisory states that the issue is fixed in iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5; versions older than these releases are not explicitly documented as affected but are likely vulnerable.
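An added example (not part of the advisory or of OpenCVE): a Python check that classifies device inventory rows against the fixed releases listed above. The host names, inventory rows and status labels are constructed for illustration; a branch for which this advisory names no fixed release is reported as `no-fix-listed` rather than guessed.

```python
# Fixed releases as listed in the advisory text, keyed by (platform, major version).
FIXED = {
    ("iOS", 18): (18, 7, 9),
    ("iPadOS", 18): (18, 7, 9),
    ("macOS", 14): (14, 8, 7),   # Sonoma
    ("macOS", 15): (15, 7, 7),   # Sequoia
    ("macOS", 26): (26, 5, 0),   # Tahoe 26.5
}

def parse_version(text):
    """Turn '18.6' into (18, 6, 0) so comparison is numeric, not lexical."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(platform, version):
    """Return 'patched', 'needs-update', 'no-fix-listed' or 'unparseable'."""
    try:
        current = parse_version(version)
    except ValueError:
        return "unparseable"      # e.g. a build string or an empty field
    fixed = FIXED.get((platform, current[0]))
    if fixed is None:
        # The advisory names no fixed release for this branch: do not guess.
        return "no-fix-listed"
    return "patched" if current >= fixed else "needs-update"

# Constructed inventory rows: (host, platform, reported OS version).
INVENTORY = [
    ("mbp-01", "macOS", "15.7.7"),
    ("mbp-02", "macOS", "15.7.10"),   # constructed; sorts below 15.7.7 as a string
    ("mbp-03", "macOS", "14.8.6"),
    ("mini-04", "macOS", "13.7.8"),
    ("ipad-05", "iPadOS", "18.7.9"),
    ("phone-06", "iOS", "18.6"),
    ("phone-07", "iOS", "26.1"),
    ("mbp-08", "macOS", "26.5"),
]

def triage(inventory):
    """Map each host to its status for this advisory."""
    return {host: classify(platform, ver) for host, platform, ver in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts reported as `no-fix-listed` or `unparseable` need a manual check against the vendor's release notes, since this page gives no fixed version for them.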
Risk and Exploitability
The CVSS score of 5.4 indicates moderate severity, and the EPSS score of 7% suggests a moderate probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves a malicious or compromised local application capable of triggering the out-of-bounds write; remote exploitation would require additional conditions not detailed in the advisory.
OpenCVE Enrichment