iOS
CVE-2025-43226
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted image may result in disclosure of process memory.
AnalysisAI
Out-of-bounds memory read in Apple's image processing component allows local attackers without privileges to disclose sensitive process memory by supplying a maliciously crafted image, affecting iOS 18.5 and earlier, iPadOS 17.7.8 and earlier, macOS Sequoia 15.5 and earlier, macOS Sonoma 14.7.6 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. No public exploit code or active exploitation has been identified; exploitation requires local access and user interaction to process the malicious image. The EPSS score of 0.02% (5th percentile) indicates minimal real-world exploitation likelihood despite the broad platform impact.
Technical ContextAI
This vulnerability is a classic out-of-bounds read vulnerability (CWE-125) in image processing code across Apple's operating systems. The root cause stems from insufficient input validation when parsing maliciously crafted image files, allowing an attacker to read memory beyond allocated buffer boundaries. The flaw resides in image handling routines present across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS-all leveraging shared image processing libraries. The local attack vector (AV:L) means the attacker must have some level of system access, though no privilege escalation (PR:N) is required. The attack exploits a memory safety issue commonly found in C/C++ code where image dimension or size fields are not properly validated before being used in buffer operations.
RemediationAI
Apply the following vendor-released patches immediately: iOS 18.6, iPadOS 18.6 (or iPadOS 17.7.9 for older iPad devices), macOS Sequoia 15.6, macOS Sonoma 14.7.7, tvOS 18.6, visionOS 2.6, and watchOS 11.6. All patches address the input validation flaw in image processing. Users should enable automatic security updates in System Preferences (macOS) or Settings (iOS/iPadOS/tvOS/watchOS) to receive patches automatically. Organizations managing Apple devices should prioritize deployment within 30 days but need not declare emergency status given low EPSS and local-only attack vector. No interim workarounds are available other than avoiding processing untrusted image files. Full details and download links are available in Apple's security advisories at https://support.apple.com/en-us/124147 and related support pages.
A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability
Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CV
A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability
The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensiti
The issue was addressed with improved checks. Rated high severity (CVSS 7.0). Actively exploited in the wild (cisa kev)
AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mo
A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticate
Arbitrary code execution in Jellyfin iOS GitHub Actions workflow. CVSS 10.0.
Memory corruption vulnerabilities in Apple's graphics texture processing engine across iOS, iPadOS, macOS, tvOS, visionO
Buffer overflow memory corruption in Apple file parsing components allows remote code execution across iOS 18.6, iPadOS
A use-after-free issue was addressed with improved memory management. Rated critical severity (CVSS 9.8), this vulnerabi
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today