Description
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
Published: 2026-05-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw in Apple’s memory management can lead to kernel memory corruption or unexpected system termination. The vulnerability is remote in nature, and its exploitation would allow an attacker to corrupt privileged memory, which could be leveraged for privilege escalation or denial of service.

Affected Systems

Apple devices running iOS, iPadOS, macOS, tvOS, visionOS, and watchOS may be affected. The fix is included in iOS 18.7.9 or 26.5, iPadOS 18.7.9 or 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.

Risk and Exploitability

The CVSS score is 7.5 and the EPSS score is < 1%. However, the nature of the flaw and its kernel‑level impact imply a high severity. The vulnerability is not currently listed in the CISA KEV catalog and no public exploits are known, yet the potential for remote exploitation warrants vigilance and swift remediation.

Generated by OpenCVE AI on May 13, 2026 at 00:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest OS updates that include the fix for the affected products: iOS 18.7.9 or 26.5, iPadOS 18.7.9 or 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
  • If updates are not yet available for a device, follow Apple’s support guidance to disable or limit usage of the features that may trigger the flaw, thereby reducing the attack surface.
  • Continuously monitor Apple’s security advisories for additional mitigations or patch releases and validate that devices remain updated.

Generated by OpenCVE AI on May 13, 2026 at 00:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 00:30:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in Apple Systems Causes Kernel Corruption and System Termination

Tue, 12 May 2026 22:15:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free Causing Kernel Memory Corruption on Apple OS
Weaknesses CWE-122

Tue, 12 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 11 May 2026 23:00:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free Causing Kernel Memory Corruption on Apple OS
Weaknesses CWE-122
CWE-416

Mon, 11 May 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
References

Subscriptions

Apple Ios And Ipados Macos Tvos Visionos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-12T18:06:48.480Z

Reserved: 2026-05-01T22:46:21.640Z

Link: CVE-2026-43668

cve-icon Vulnrichment

Updated: 2026-05-12T18:06:41.320Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-11T21:19:02.023

Modified: 2026-05-12T18:17:28.087

Link: CVE-2026-43668

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T00:15:27Z

Weaknesses