Description
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or read kernel memory.
Published: 2026-05-11
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out-of-bounds read exists in several Apple operating systems. The flaw allows an application to read memory beyond its intended range, which may expose kernel memory contents or trigger unexpected system termination. Exploitation could expose sensitive data held by the kernel or destabilize the device by forcing a crash.

Affected Systems

Affected products include Apple iOS, iPadOS, macOS Tahoe, tvOS, and watchOS. Versions prior to 26.5 on each platform are vulnerable; the issue is fixed in iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5.

Risk and Exploitability

The CVSS score is 7.3, the EPSS score is less than 1%, and the vulnerability is not listed in the CISA KEV catalog. Because it permits an out-of-bounds read that could access privileged kernel memory, the risk of exploitation is significant. The advisory does not explicitly state the attack vector; it is inferred that any application executing the vulnerable code could be leveraged, potentially requiring local execution or cooperation from a malicious app context.

Generated by OpenCVE AI on May 12, 2026 at 21:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade all Apple devices to iOS 26.5 or later, macOS Tahoe 26.5 or later, tvOS 26.5 or later, and watchOS 26.5 or later
  • Ensure that all devices run the latest security updates by configuring automatic updates where possible
  • Remove or restrict installation of applications that may trigger the vulnerable code until a patch is applied

Advisories

No advisories yet.

History

Tue, 12 May 2026 21:45:00 +0000

Type Values Removed Values Added
Title: Out-of-Bounds Read Allowing Kernel Memory Disclosure or System Crash

Tue, 12 May 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics: cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Mon, 11 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title: Out-of-Bounds Read Allowing Kernel Memory Disclosure or System Crash
First Time appeared: Apple, Apple ios And Ipados, Apple macos, Apple tvos, Apple watchos
Weaknesses: CWE-125
Vendors & Products: Apple, Apple ios And Ipados, Apple macos, Apple tvos, Apple watchos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or read kernel memory.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-12T17:25:48.797Z

Reserved: 2026-05-01T22:46:21.639Z

Link: CVE-2026-43655

Vulnrichment

No data.

NVD

Status: Undergoing Analysis

Published: 2026-05-11T21:19:01.280

Modified: 2026-05-12T18:17:27.333

Link: CVE-2026-43655

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T21:30:25Z

Weaknesses