Description
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to cause a denial-of-service.
Published: 2026-05-11
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability originates from improper memory handling in Apple’s operating systems. An attacker able to send crafted data over the local network can trigger a fault that leads to a denial‑of‑service, bringing affected devices to a state where they become unresponsive or require a restart. The weakness involves CWE-400, representing uncontrolled resource consumption.

Affected Systems

The flaw impacts iOS and iPadOS, macOS, and tvOS. On iOS and iPadOS the affected versions are those prior to 18.7.9 and 26.5; on macOS, Sonoma releases prior to 14.8.7 and Tahoe releases prior to 26.5; and on tvOS, versions before 26.5. Devices running these releases or later incorporate the patch that corrects the memory handling issue.

Risk and Exploitability

The CVSS score is 6.2, indicating medium severity. The EPSS score is <1%, indicating a low but nonzero exploitation probability, and the vulnerability is not listed in CISA’s KEV catalogue, suggesting that public exploitation has not been recorded. However, because the attack vector is local network activity, a threat actor positioned on the same network as the device can potentially induce the denial‑of‑service. The absence of a publicly available exploit does not reduce the risk to organizations that host exposed Apple devices.

Generated by OpenCVE AI on May 12, 2026 at 23:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Apple iOS, iPadOS, macOS, and tvOS to the latest releases that contain the memory handling fix (iOS 18.7.9 / iPadOS 18.7.9 / iOS 26.5 / iPadOS 26.5 / macOS Sonoma 14.8.7 / macOS Tahoe 26.5 / tvOS 26.5).
  • Limit or block local network access to devices when possible, using network segmentation or firewall rules to reduce exposure to local attackers.
  • Use Apple Business Manager or Mobile Device Management tools to enforce OS updates and maintain a compliant device fleet.

Generated by OpenCVE AI on May 12, 2026 at 23:45 UTC.

Advisories

No advisories yet.

History

Wed, 13 May 2026 00:00:00 +0000

Type Values Removed Values Added
Title Denial of Service via Improper Memory Handling in Apple Operating Systems

Tue, 12 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title Apple OS Local Network Memory Handling Bug Causing Denial of Service
Weaknesses CWE-125, CWE-787

Tue, 12 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1 {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple, Apple ios And Ipados, Apple macos, Apple tvos
Vendors & Products Apple, Apple ios And Ipados, Apple macos, Apple tvos

Mon, 11 May 2026 22:30:00 +0000

Type Values Removed Values Added
Title Apple OS Local Network Memory Handling Bug Causing Denial of Service
Weaknesses CWE-125, CWE-787

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to cause a denial-of-service.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-12T18:12:38.740Z

Reserved: 2026-05-01T22:46:21.639Z

Link: CVE-2026-43653

Vulnrichment

Updated: 2026-05-12T18:10:59.252Z

NVD

Status: Undergoing Analysis

Published: 2026-05-11T21:19:01.070

Modified: 2026-05-12T19:16:33.623

Link: CVE-2026-43653

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T23:45:25Z

Weaknesses