Apple
CVE-2025-43520
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.
AnalysisAI
Apple kernel memory corruption in multiple operating systems allows a malicious application to cause unexpected system termination or write kernel memory via an out-of-bounds write flaw addressed in watchOS 26.1, iOS 18.7.2, and macOS Tahoe 26.1.
Technical ContextAI
The flaw (CWE-787) stems from improper memory handling in the kernel, where a malicious app can trigger an out-of-bounds write to kernel memory pages. Apple addressed this with improved memory handling across all affected platforms.
RemediationAI
Update all Apple devices to the latest OS versions. Enterprise environments should enforce MDM policies requiring minimum OS versions and restrict sideloading of applications.
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today