macOS
CVE-2025-43402
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.1. An app may be able to cause unexpected system termination or corrupt process memory.
AnalysisAI
Memory corruption in macOS kernel allows authenticated local users to execute arbitrary code or crash the system. Apple fixed the vulnerability via improved memory handling in macOS Sequoia 15.7.4, Sonoma 14.8.4, and Tahoe 26.1. With CVSS 7.8 (High severity) reflecting local attack vector requiring low privileges, and EPSS at 0.01% (2nd percentile), this represents a moderate real-world risk despite high CVSS scoring. No public exploit identified at time of analysis, and no evidence of active exploitation (not in CISA KEV).
Technical ContextAI
This vulnerability stems from an out-of-bounds write condition (CWE-787) in macOS kernel or system-level components, where improper memory handling allowed applications to write beyond allocated buffer boundaries. The CVSS vector indicates local attack execution (AV:L) with low complexity (AC:L), meaning a malicious application running on the system can reliably trigger the memory corruption without complex preconditions. The CPE designation covers all macOS versions prior to the patches, spanning three major OS releases: Sequoia (15.x), Sonoma (14.x), and the newly released Tahoe (26.x). Out-of-bounds write vulnerabilities in operating system kernels are particularly severe as they operate at privileged execution levels, enabling attackers to bypass security boundaries, corrupt kernel memory structures, or achieve code execution with elevated privileges. Apple's remediation through improved memory handling likely involves bounds checking, memory allocation validation, or migrating to memory-safe programming practices.
RemediationAI
Apple has released security updates addressing this vulnerability across all affected macOS versions. Users should immediately update to macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, or macOS Tahoe 26.1 depending on their current OS release. Updates can be applied through System Settings > General > Software Update on macOS Ventura and later, or System Preferences > Software Update on earlier versions. Enterprise administrators should deploy these updates through their mobile device management (MDM) solutions or Apple Software Update services. Complete vendor security advisories and update instructions are available at https://support.apple.com/en-us/125634, https://support.apple.com/en-us/126349, and https://support.apple.com/en-us/126350. No workarounds are available for this kernel-level memory corruption issue-patching is the only effective mitigation. Organizations unable to immediately patch should implement compensating controls including application allowlisting to prevent execution of untrusted applications, enhanced monitoring for system crashes or memory corruption indicators, and restricted local user privileges on sensitive systems.
An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility develope
A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability
Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CV
Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
The issue was addressed with improved checks. Rated high severity (CVSS 7.0). Actively exploited in the wild (cisa kev)
A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authent
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen
A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no auth
This issue was addressed with improved checks. Rated critical severity (CVSS 10.0), this vulnerability is remotely explo
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data t
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today