CVE-2026-20611
HIGHCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Description
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Analysis
Memory corruption in Apple's media processing across iOS, macOS, watchOS, tvOS, and visionOS allows local attackers to crash applications or corrupt process memory by supplying specially crafted media files. An attacker with local access and user interaction can trigger out-of-bounds memory access during media file parsing, potentially leading to arbitrary code execution or denial of service. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Apple devices across the organization and identify those running affected OS versions (iOS/iPadOS below 18.7.5, macOS Sonoma below 14.8.4, macOS Sequoia below 15.7.4, and other affected platforms). Within 7 days: Develop and communicate a phased patching schedule prioritizing high-risk endpoints (executive devices, healthcare systems, critical infrastructure access points). …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today