Impact
A flaw in the image processing subsystem, classified as a memory corruption vulnerability (CWE-119), can corrupt the memory of any process that handles a maliciously crafted image. The corruption may overwrite critical data structures and allow an attacker to achieve arbitrary code execution or escalated privileges. The description suggests that a local or remote attacker who can supply such an image could trigger the vulnerability, though the exact attack vector is not explicitly documented.
Affected Systems
Apple products including iOS, iPadOS, macOS, tvOS, and visionOS are affected. The defect was addressed in iOS 18.7.9, iOS 26.5, iPadOS 18.7.9, iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, and visionOS 26.5. Devices running older releases without these updates remain vulnerable.
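One way to check a device inventory against the fixed releases listed above, as an added example that is not part of the original advisory. The inventory rows are constructed, and treating each major version as its own release branch (and any later major as fixed) is an assumption of this sketch.

```python
# Fixed releases, copied from the advisory text above.
FIXED = {
    "iOS": ["18.7.9", "26.5"],
    "iPadOS": ["18.7.9", "26.5"],
    "macOS": ["15.7.7", "26.5"],
    "tvOS": ["26.5"],
    "visionOS": ["26.5"],
}

def parse(version):
    """Turn '18.7.9' into (18, 7, 9), padding short versions with zeros."""
    parts = [int(p) for p in version.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def is_patched(os_name, version):
    """True if version is at or above the fix for its own major branch."""
    fixes = sorted(parse(v) for v in FIXED[os_name])
    current = parse(version)
    for fix in fixes:
        if fix[0] == current[0]:
            # Compare only within the same branch: 26.4 is higher than
            # 18.7.9 numerically but still predates the 26.5 fix.
            return current >= fix
    # No fix listed for this major version. Assumption: a major release
    # later than every fixed branch already contains the fix; anything
    # older than (or between) the fixed branches does not.
    return current[0] > fixes[-1][0]

# Constructed sample inventory: (hostname, OS, installed version).
INVENTORY = [
    ("phone-01", "iOS", "18.7.8"),
    ("phone-02", "iOS", "26.4.1"),
    ("phone-03", "iOS", "18.7.9"),
    ("mac-01", "macOS", "15.7.7"),
    ("mac-02", "macOS", "14.8"),
    ("tv-01", "tvOS", "26.5"),
]

def unpatched(inventory):
    """Return hostnames whose OS version predates the fix for its branch."""
    return [host for host, os_name, ver in inventory
            if not is_patched(os_name, ver)]

if __name__ == "__main__":
    for host in unpatched(INVENTORY):
        print(f"{host}: update required")
```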
Risk and Exploitability
The EPSS score indicates a very low probability of exploitation (<1%), and because the vulnerability is not listed in CISA’s KEV catalog, there are no known public exploits as of now. Nevertheless, the nature of the memory corruption gives the scenario a high potential impact: an attacker able to provide a crafted image could trigger the flaw. The CVSS score of 7.5 indicates high severity, and the vulnerability type combined with the lack of mitigation is enough on its own to warrant prompt remediation.