CVE-2025-43402
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.1. An app may be able to cause unexpected system termination or corrupt process memory.
Analysis
Memory corruption in the macOS kernel allows authenticated local users to execute arbitrary code or crash the system. Apple fixed the vulnerability via improved memory handling in macOS Sequoia 15.7.4, Sonoma 14.8.4, and Tahoe 26.1. With CVSS 7.8 (High severity) reflecting a local attack vector that requires low privileges, and EPSS at 0.01% (2nd percentile), this represents a moderate real-world risk despite the high CVSS score. No public exploit was identified at the time of analysis, and there is no evidence of active exploitation (not in CISA KEV).
Technical Context
This vulnerability stems from an out-of-bounds write condition (CWE-787) in macOS kernel or system-level components, where improper memory handling allowed applications to write beyond allocated buffer boundaries. The CVSS vector indicates local attack execution (AV:L) with low complexity (AC:L), meaning a malicious application running on the system can reliably trigger the memory corruption without complex preconditions. The CPE designation covers all macOS versions prior to the patches, spanning three major OS releases: Sequoia (15.x), Sonoma (14.x), and the newly released Tahoe (26.x). Out-of-bounds write vulnerabilities in operating system kernels are particularly severe as they operate at privileged execution levels, enabling attackers to bypass security boundaries, corrupt kernel memory structures, or achieve code execution with elevated privileges. Apple's remediation through improved memory handling likely involves bounds checking, memory allocation validation, or migrating to memory-safe programming practices.
Affected Products
The vulnerability affects Apple macOS across three major operating system releases. Specifically impacted are macOS Sequoia versions prior to 15.7.4, macOS Sonoma versions prior to 14.8.4, and macOS Tahoe versions prior to 26.1. The CPE identifier cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* encompasses all vulnerable macOS installations. Users running any version of these three macOS releases below the specified patched versions should consider their systems vulnerable to local privilege escalation and denial-of-service attacks through malicious applications. Apple's security advisories HT126349, HT126350, and HT125634 provide official confirmation of affected product versions and detailed release information.
Remediation
Apple has released security updates addressing this vulnerability across all affected macOS versions. Users should immediately update to macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, or macOS Tahoe 26.1 depending on their current OS release. Updates can be applied through System Settings > General > Software Update on macOS Ventura and later, or System Preferences > Software Update on earlier versions. Enterprise administrators should deploy these updates through their mobile device management (MDM) solutions or Apple Software Update services. Complete vendor security advisories and update instructions are available at https://support.apple.com/en-us/125634, https://support.apple.com/en-us/126349, and https://support.apple.com/en-us/126350. No workarounds are available for this kernel-level memory corruption issue; patching is the only effective mitigation. Organizations unable to immediately patch should implement compensating controls including application allowlisting to prevent execution of untrusted applications, enhanced monitoring for system crashes or memory corruption indicators, and restricted local user privileges on sensitive systems.
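A version check against the fixed releases named above, as an added example that is not part of the advisory or Apple's tooling. The function names and the `hostname version` inventory format are assumptions, and release lines the page does not list are reported as `unlisted` rather than guessed.

```sh
# Added example: flag macOS versions below the fixed releases named on this page.

# First fixed release per major line, as stated in the advisory text.
fixed_for_major() {
    case "$1" in
        14) echo "14.8.4" ;;  # Sonoma
        15) echo "15.7.4" ;;  # Sequoia
        26) echo "26.1" ;;    # Tahoe
        *)  return 1 ;;       # release line not listed on the page
    esac
}

# ver_lt A B: true when dotted version A is numerically lower than B.
# The ".0.0" padding makes 26.1 compare equal to 26.1.0.
ver_lt() {
    i=1
    while [ "$i" -le 3 ]; do
        a=$(printf '%s.0.0' "$1" | cut -d. -f"$i"); a=${a:-0}
        b=$(printf '%s.0.0' "$2" | cut -d. -f"$i"); b=${b:-0}
        if [ "$a" -lt "$b" ]; then return 0; fi
        if [ "$a" -gt "$b" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# Print one of: patched | vulnerable (update to X) | unlisted | invalid
classify_macos() {
    v=$1
    case "$v" in ''|*[!0-9.]*) echo "invalid"; return 0 ;; esac
    major=${v%%.*}
    if ! fixed=$(fixed_for_major "$major"); then echo "unlisted"; return 0; fi
    if ver_lt "$v" "$fixed"; then echo "vulnerable (update to $fixed)"
    else echo "patched"; fi
}

# Read "hostname version" lines on stdin; print every host not confirmed patched.
report_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        status=$(classify_macos "$ver")
        [ "$status" = "patched" ] || echo "$host $ver $status"
    done
}

# On a Mac, classify the local system; elsewhere this step is skipped.
if command -v sw_vers >/dev/null 2>&1; then
    classify_macos "$(sw_vers -productVersion)"
fi
```

Feeding an MDM export through `report_inventory` lists the hosts that still need the update, along with any on release lines the advisory does not cover.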