CVE-2025-43424
MEDIUM
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1. A malicious HID device may cause an unexpected process crash.
Analysis
A buffer overflow vulnerability (CWE-119) in Apple's HID (Human Interface Device) subsystem affects macOS Tahoe, iOS, and iPadOS. It allows a malicious or compromised HID device to trigger an unexpected process crash, resulting in denial of service. The vulnerability requires adjacent network access and no user interaction, and does not compromise confidentiality or integrity. Apple has patched this issue in version 26.1 across affected platforms.
Technical Context
This vulnerability exists in Apple's HID driver/subsystem, which handles input from human interface devices (keyboards, mice, USB devices, Bluetooth peripherals, etc.). The root cause is improper bounds checking (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) in HID packet processing logic. When a malicious HID device sends specially crafted input packets that exceed expected buffer boundaries, the kernel or user-space HID daemon processes these packets without adequate validation, leading to out-of-bounds memory access. The affected CPE strings indicate this impacts: (1) Apple iPadOS (all versions prior to 26.1), (2) Apple iPhone OS/iOS (all versions prior to 26.1), and by extension macOS Tahoe (version < 26.1). The vulnerability is triggered at the HID protocol handling layer, likely during device enumeration or input event processing.
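The kind of bounds check this bug class calls for, shown as an added generic example that is not Apple's code and not the actual fix: a handler copies a device-supplied HID input report into a fixed buffer only after validating the report ID and length. The report table, sizes, and all function and type names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical device model: expected payload size per report ID. */
#define MAX_REPORT_PAYLOAD 8u
struct report_spec { uint8_t id; size_t payload_len; };
static const struct report_spec SPECS[] = {
    { 0x01, 8 },  /* constructed: keyboard-style report */
    { 0x02, 4 },  /* constructed: mouse-style report */
};

struct input_state { uint8_t id; size_t len; uint8_t payload[MAX_REPORT_PAYLOAD]; };
enum hid_status { HID_OK = 0, HID_ERR_SHORT, HID_ERR_UNKNOWN_ID, HID_ERR_LENGTH };

/* Copies one report (byte 0 = report ID, rest = payload) into `out`.
 * The device controls both the bytes in `buf` and `buf_len`, so nothing
 * is copied until the length matches what the host expects for that ID. */
enum hid_status hid_handle_report(const uint8_t *buf, size_t buf_len,
                                  struct input_state *out)
{
    if (buf == NULL || out == NULL || buf_len < 1)
        return HID_ERR_SHORT;

    const struct report_spec *spec = NULL;
    for (size_t i = 0; i < sizeof SPECS / sizeof SPECS[0]; i++)
        if (SPECS[i].id == buf[0])
            spec = &SPECS[i];
    if (spec == NULL)
        return HID_ERR_UNKNOWN_ID;

    size_t payload_len = buf_len - 1;
    /* Without this check, an oversized report would make the memcpy
     * below write past out->payload (CWE-119). */
    if (payload_len != spec->payload_len || payload_len > sizeof out->payload)
        return HID_ERR_LENGTH;

    out->id = spec->id;
    out->len = payload_len;
    memcpy(out->payload, buf + 1, payload_len);
    return HID_OK;
}

int main(void) {
    uint8_t oversized[64] = { 0x01 };  /* constructed: 63-byte payload for ID 0x01 */
    struct input_state st;
    return hid_handle_report(oversized, sizeof oversized, &st) == HID_ERR_LENGTH ? 0 : 1;
}
```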
Affected Products
- product: Apple macOS Tahoe; affected_versions: < 26.1; fixed_version: 26.1; advisory: https://support.apple.com/en-us/125632
- product: Apple iOS (iPhone OS); affected_versions: < 26.1; fixed_version: 26.1; advisory: https://support.apple.com/en-us/125632
- product: Apple iPadOS; affected_versions: < 26.1; fixed_version: 26.1; advisory: https://support.apple.com/en-us/125634
Remediation
Immediate patch installation is recommended: (1) Update macOS to Tahoe 26.1 or later, (2) Update iOS to 26.1 or later, (3) Update iPadOS to 26.1 or later. Patches are available via Apple's Software Update mechanism.

For organizations unable to patch immediately: (1) Restrict physical access to USB ports and avoid untrusted HID devices, (2) Disable Bluetooth and external input device connections when not needed, (3) Monitor for unexpected process crashes related to IOKit or HID daemons (kernel_task, corehid).

Detailed patch information is available at https://support.apple.com/en-us/125632 (macOS/iOS) and https://support.apple.com/en-us/125634 (iPadOS). No workarounds exist beyond restricting device access.