CVE-2025-43510
HIGHCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Tags
Description
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. A malicious application may cause unexpected changes in memory shared between processes.
Analysis
Apple kernel lock state checking flaw allows a malicious application to cause unexpected changes in memory shared between processes, potentially enabling cross-process data manipulation on iOS, macOS, and other Apple platforms.
Technical Context
The CWE-667 improper locking flaw means the kernel fails to properly validate lock states when processes access shared memory regions. This race condition allows a malicious app to modify memory that other processes rely on for integrity.
Affected Products
['Apple watchOS before 26.1', 'Apple iOS/iPadOS before 18.7.2', 'Apple macOS Tahoe before 26.1', 'Apple visionOS before 26.1', 'Apple tvOS before 26.1', 'Apple macOS Sonoma before 14.8.2', 'Apple macOS Sequoia before 15.7.2']
Remediation
Apply the latest Apple security updates across all devices. This vulnerability is typically chained with other exploits, so patching all concurrent Apple advisories is essential.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today