The vulnerability arises from insufficient input sanitization, allowing untrusted data to dictate writes to kernel memory. An attacker could target an application to trigger the flaw, resulting in unexpected system termination or a corrupt kernel state that may be leveraged for code execution. The primary impact is the ability to modify critical memory structures within the operating system, effectively granting attackers full control over the device.

Apple iOS, iPadOS, and macOS devices running versions prior to iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2 are affected. The issue is fixed in those release versions, so any device not updated to these builds remains vulnerable.

The lack of a public EPSS score or inclusion in CISA KEV makes the exact likelihood of exploitation uncertain, but the described kernel memory write represents a high‑severity flaw. Based on description the likely attack vector is via a malicious or compromised application that supplies crafted input, thereby triggering the kernel write. Because no CVSS score is provided, the risk assessment relies on the criticality of the kernel write and the potential for arbitrary code execution. Until devices are updated, any application that can be controlled by an attacker constitutes a plausible path to exploit the flaw.