iOS CVE-2025-43226
MEDIUM
CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Description (NVD)
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted image may result in disclosure of process memory.
Analysis (AI)
An out-of-bounds memory read in Apple's image processing component allows local attackers without privileges to disclose sensitive process memory by supplying a maliciously crafted image. Affected releases are iOS 18.5 and earlier, iPadOS 17.7.8 and earlier, macOS Sequoia 15.5 and earlier, macOS Sonoma 14.7.6 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. No public exploit code or active exploitation has been identified; exploitation requires local access and user interaction to process the malicious image. The EPSS score of 0.02% (5th percentile) indicates minimal real-world exploitation likelihood despite the broad platform impact.
Technical Context (AI)
This is a classic out-of-bounds read (CWE-125) in image processing code across Apple's operating systems. The root cause is insufficient input validation when parsing maliciously crafted image files, which allows an attacker to read memory beyond the bounds of an allocated buffer. The flaw resides in image handling routines present across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS, all of which use shared image processing libraries. The local attack vector (AV:L) means the attacker must have some level of system access, though no privileges (PR:N) are required. The attack exploits a memory safety issue commonly found in C/C++ code, where image dimension or size fields are not properly validated before being used in buffer operations.
Remediation (AI)
Apply the following vendor-released patches immediately: iOS 18.6, iPadOS 18.6 (or iPadOS 17.7.9 for older iPad devices), macOS Sequoia 15.6, macOS Sonoma 14.7.7, tvOS 18.6, visionOS 2.6, and watchOS 11.6. All patches address the input validation flaw in image processing. Users should enable automatic security updates in System Preferences (macOS) or Settings (iOS/iPadOS/tvOS/watchOS) to receive patches automatically. Organizations managing Apple devices should prioritize deployment within 30 days but need not declare emergency status given low EPSS and local-only attack vector. No interim workarounds are available other than avoiding processing untrusted image files. Full details and download links are available in Apple's security advisories at https://support.apple.com/en-us/124147 and related support pages.
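For organizations working through a device inventory, the fixed-release list above can be turned into a branch-aware triage check. This is an added example, not code from Apple or from this page; the hostnames are constructed, and treating a major release newer than every listed branch as patched is an assumption.

```python
import re

# Fixed releases named in the description, per platform and major-version
# branch (iPadOS and macOS each received the fix on two branches).
FIXED = {
    "iOS":      {18: (18, 6, 0)},
    "iPadOS":   {18: (18, 6, 0), 17: (17, 7, 9)},
    "macOS":    {15: (15, 6, 0), 14: (14, 7, 7)},
    "tvOS":     {18: (18, 6, 0)},
    "visionOS": {2: (2, 6, 0)},
    "watchOS":  {11: (11, 6, 0)},
}

def parse_version(text):
    """'18.6' -> (18, 6, 0); raises ValueError on anything non-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text):
        raise ValueError(f"unrecognised version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad so 18.6 == 18.6.0

def triage(platform, version):
    """Return 'patched', 'vulnerable' or 'no-fix-listed' for one device."""
    branches = FIXED.get(platform)
    if branches is None:
        raise ValueError(f"platform not covered by this advisory: {platform!r}")
    ver = parse_version(version)
    if ver[0] in branches:
        return "patched" if ver >= branches[ver[0]] else "vulnerable"
    # Assumption: a major release newer than every listed branch ships the fix.
    if ver[0] > max(branches):
        return "patched"
    # Older branch for which the advisory names no fixed release.
    return "no-fix-listed"

def unpatched(inventory):
    """Keep only (hostname, platform, version) rows that still need action."""
    return [(h, p, v, s) for h, p, v in inventory
            if (s := triage(p, v)) != "patched"]

# Constructed sample inventory (hostnames are made up).
SAMPLE = [
    ("ipad-lab-01", "iPadOS", "17.7.8"), ("ipad-lab-02", "iPadOS", "17.7.9"),
    ("mbp-eng-14", "macOS", "14.7.6"), ("mbp-eng-15", "macOS", "15.6"),
    ("mini-old", "macOS", "13.7.6"), ("watch-07", "watchOS", "11.5"),
]

if __name__ == "__main__":
    print(*unpatched(SAMPLE), sep="\n")
```

Devices reported as `no-fix-listed` run a branch for which the description names no fixed release, so they need a manual decision rather than an update push.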