Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5. Parsing a maliciously crafted file may lead to an unexpected app termination.
AnalysisAI
Improper memory handling in Apple iOS, iPadOS, and macOS allows remote denial of service when processing maliciously crafted files, potentially causing unexpected application crashes. An attacker can trigger this vulnerability by delivering a specially crafted file to a victim, resulting in app termination without requiring user privileges or interaction beyond opening the file. No patch is currently available for this medium-severity vulnerability affecting multiple Apple platforms.
Technical ContextAI
The vulnerability resides in Apple's file parsing mechanisms, which handle maliciously crafted input files without proper memory bounds checking or validation. The affected components span across multiple Apple operating systems (iOS, iPadOS, and macOS) as indicated by the broad CPE classifications (cpe:2.3:a:apple:ios_and_ipados and cpe:2.3:a:apple:macos), suggesting the issue may be in a shared code library or framework used across these platforms. While no specific CWE is provided, the vulnerability class relates to improper memory management—likely CWE-119 (Buffer Overflow), CWE-125 (Out-of-bounds Read), or CWE-787 (Out-of-bounds Write)—where insufficient validation of file structure or size parameters allows malformed input to cause memory access violations. The fix indicates Apple implemented improved memory handling, such as bounds checking, safe memory allocation practices, or stricter input validation in the file parsing routines.
RemediationAI
Immediate remediation requires upgrading affected devices to the patched versions: iOS and iPadOS users must update to version 18.7.7 or later, macOS Sequoia users must update to 15.7.5 or later, and macOS Sonoma users must update to 14.8.5 or later. These updates are available through each platform's system software update mechanism (Settings > General > Software Update on iOS/iPadOS; System Settings > General > Software Update on macOS). For enterprise deployments, administrators should use Mobile Device Management (MDM) tools to enforce and track software updates across managed devices. Until patching can be completed, users should avoid opening files from untrusted sources and disable automatic file preview features if available. Organizations should prioritize patching, particularly for devices handling sensitive file processing or exposed to external file inputs.
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15047
GHSA-qm38-v5q7-v23r