Impact
An out-of-bounds write caused by insufficient input validation in a system component allows a malicious application to corrupt kernel memory, which may lead to unexpected system termination or arbitrary code execution. The flaw is classified as an out-of-bounds write (CWE-787), a form of buffer overflow.
Affected Systems
Apple's iOS, iPadOS, macOS, tvOS, visionOS, and watchOS are affected. The vulnerability is fixed in iOS 18.7.9 and 26.5, iPadOS 18.7.9 and 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5. Devices running earlier versions remain vulnerable.
Risk and Exploitability
The CVSS score is 6.5 (medium severity), and the EPSS score is 1%, indicating a low but non-negligible likelihood of exploitation. The vulnerability is not currently listed in the CISA KEV catalog. The likely attack vector is a user-space application that passes crafted input to the affected system component: an attacker able to install or run a malicious app locally could use the flaw to corrupt kernel memory, potentially gaining elevated privileges or code execution. No public exploits are known at the time of this analysis.
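The advisory describes the bug class (a kernel-side out-of-bounds write reached through unvalidated input from a user-space application) without showing the underlying code, so the following is an added, hypothetical illustration of that class and not Apple's code or anything derived from the actual fix. It shows a request handler that trusts a caller-supplied length (the CWE-787 pattern) next to the hardened form that validates every caller-controlled value before the copy. The structure names, `RECORD_MAX`, and the request layout are all constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical kernel-side record filled from a user-space request.
 * Constructed for illustration; not Apple's code. */
#define RECORD_MAX 64

struct request {
    uint32_t       len;   /* length claimed by the caller: attacker-controlled */
    const uint8_t *data;  /* payload supplied by the caller */
};

struct kernel_record {
    uint8_t  buf[RECORD_MAX];
    uint32_t used;
};

/* Vulnerable pattern (CWE-787): the claimed length is trusted, so a len
 * larger than RECORD_MAX writes past buf into adjacent kernel memory.
 * Kept here only to show the defect; never called with oversize input. */
int handle_request_vulnerable(struct kernel_record *rec, const struct request *req)
{
    memcpy(rec->buf, req->data, req->len);   /* no bounds check */
    rec->used = req->len;
    return 0;
}

/* Hardened pattern: reject the request before any write happens.
 * len is unsigned, so a single upper-bound comparison also rules out
 * the "negative length" trick that signed comparisons are prone to. */
int handle_request_hardened(struct kernel_record *rec, const struct request *req)
{
    if (rec == NULL || req == NULL || req->data == NULL)
        return -1;                        /* malformed request: EINVAL-style */
    if (req->len > RECORD_MAX)
        return -1;                        /* oversize payload never reaches memcpy */
    memcpy(rec->buf, req->data, req->len);
    rec->used = req->len;
    return 0;
}

/* Constructed in-bounds request (16 bytes): the hardened handler must accept it
 * and record the length. Returns 1 on the expected behaviour, 0 otherwise. */
int demo_valid_accepted(void)
{
    struct kernel_record rec;
    uint8_t payload[16];
    memset(&rec, 0, sizeof rec);
    memset(payload, 0x41, sizeof payload);
    struct request ok = { (uint32_t)sizeof payload, payload };
    return handle_request_hardened(&rec, &ok) == 0 && rec.used == 16;
}

/* Constructed oversize request (200 bytes against a 64-byte buffer): the
 * hardened handler must refuse it and leave the record untouched. */
int demo_oversize_rejected(void)
{
    struct kernel_record rec;
    uint8_t payload[200];
    memset(&rec, 0, sizeof rec);
    memset(payload, 0x42, sizeof payload);
    struct request bad = { (uint32_t)sizeof payload, payload };
    return handle_request_hardened(&rec, &bad) == -1 && rec.used == 0;
}

int main(void)
{
    printf("valid request accepted:   %s\n", demo_valid_accepted() ? "yes" : "no");
    printf("oversize request rejected: %s\n", demo_oversize_rejected() ? "yes" : "no");
    return 0;
}
```

The design point is that the bounds check sits on the caller-controlled value itself, before the write, rather than on anything computed from it afterwards; that is what makes the out-of-bounds write unreachable regardless of what a user-space application sends.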
OpenCVE Enrichment