Description
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker on the local network may be able to cause a denial-of-service.
Published: 2026-05-11
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds write bug was fixed with improved bounds checking in Apple operating systems. The flaw allows a local attacker on a shared network to trigger a denial‑of‑service condition, potentially causing the device or affected application to crash or become unresponsive. The impact is limited to the device’s availability and does not expose user data or enable further compromise.

Affected Systems

Apple iOS versions 18.7.9 and 26.5, iPadOS 18.7.9 and 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5 are affected. All affected systems are exposed to local network traffic when the bug is exploitable.

Risk and Exploitability

The EPSS score is < 1% and the CVSS score is 6.2; the vulnerability is not listed in the CISA KEV catalog. The low EPSS indicates a very low probability of exploitation, but the local denial of service remains a concern in environments where devices are accessible over a local network. An attacker with network access can trigger the fault, leading to service interruption. The vulnerability does not provide remote code execution or privilege escalation, so the risk is primarily confined to availability issues.

Generated by OpenCVE AI on May 12, 2026 at 23:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest operating‑system update for the affected platform as listed above
  • Restrict device access to trusted networks or configure local firewalls to block unsolicited local‑network traffic that is not required
  • Monitor device logs for repeated crashes or service interruptions and consider temporarily disabling affected local services per Apple guidance

Generated by OpenCVE AI on May 12, 2026 at 23:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 00:15:00 +0000

Type Values Removed Values Added
Title Apple OS Local Network Denial‑of‑Service via Out‑of‑Bounds Write

Tue, 12 May 2026 22:15:00 +0000

Type Values Removed Values Added
Title Apple OS Local Network DoS via Out‑of‑Bounds Write
Weaknesses CWE-119

Tue, 12 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 01:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos

Mon, 11 May 2026 23:45:00 +0000

Type Values Removed Values Added
Title Apple OS Local Network DoS via Out‑of‑Bounds Write
Weaknesses CWE-119
CWE-787

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker on the local network may be able to cause a denial-of-service.
References

Subscriptions

Apple Ios And Ipados Macos Tvos Visionos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-12T17:17:23.910Z

Reserved: 2026-05-01T22:46:21.640Z

Link: CVE-2026-43666

cve-icon Vulnrichment

Updated: 2026-05-12T17:17:12.442Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-11T21:19:01.920

Modified: 2026-05-12T18:17:27.877

Link: CVE-2026-43666

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T00:00:17Z

Weaknesses