Skip to main content

Apple Operating Systems CVE-2026-43654

| EUVDEUVD-2026-29300 HIGH
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
2026-05-11 apple GHSA-qgc2-9f9f-gp28
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Analysis Generated
May 14, 2026 - 12:22 vuln.today
CVSS changed
May 14, 2026 - 12:22 NVD
7.5 (HIGH)
Patch available
May 11, 2026 - 22:18 EUVD
CVE Published
May 11, 2026 - 20:08 nvd
UNKNOWN (no severity yet)
CVE Published
May 11, 2026 - 20:08 nvd
HIGH 7.5

DescriptionCVE.org

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to disclose kernel memory.

AnalysisAI

Kernel memory disclosure vulnerability affects all major Apple operating systems through improper memory handling. Malicious apps can read sensitive kernel memory contents remotely without authentication (CVSS 7.5, AV:N). Apple has released patches across iOS/iPadOS (versions 18.7.9 and 26.5), macOS (Sequoia 15.7.7, Sonoma 14.8.7, Tahoe 26.5), tvOS 26.5, visionOS 26.5, and watchOS 26.5. Despite the network attack vector, EPSS score remains very low at 0.02% (7th percentile), suggesting limited real-world exploitation probability. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.

Technical ContextAI

This is a CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere) vulnerability rooted in improper memory management at the kernel level. The flaw exists in the core memory handling routines shared across Apple's unified operating system architecture (Darwin kernel base). When applications interact with kernel memory through specific system calls or frameworks, insufficient bounds checking or sanitization allows reading beyond allocated buffers, exposing arbitrary kernel memory contents. The CVSS vector AV:N indicates the vulnerability can be triggered through network-facing application interfaces, not requiring direct local code execution. Apple's fix involves improved memory validation and boundary enforcement in kernel memory operations, preventing out-of-bounds reads that could leak sensitive data like cryptographic keys, memory addresses (defeating ASLR), or other process data residing in kernel space.

RemediationAI

Vendor-released patches are available for all affected platforms. iOS and iPadOS users should update to version 18.7.9 or 26.5 (https://support.apple.com/en-us/127110, 127115). macOS users should upgrade to Sonoma 14.8.7, Sequoia 15.7.7, or Tahoe 26.5 depending on their major version (https://support.apple.com/en-us/127116, 127117, 127118). tvOS, visionOS, and watchOS users should update to version 26.5 (https://support.apple.com/en-us/127119, 127120, 127111). If immediate patching is not feasible, restrict installation of untrusted applications through Mobile Device Management (MDM) policies or screen time restrictions, though this provides incomplete protection if the vulnerability is truly network-exploitable as CVSS indicates. For enterprise environments, isolate vulnerable devices from untrusted networks and implement application allowlisting until patches can be deployed-note this increases operational overhead and may break legitimate workflows. Given the information disclosure nature (no integrity or availability impact), compensating controls should focus on limiting access to sensitive data processed on vulnerable devices rather than attempting to prevent the vulnerability itself.

Share

CVE-2026-43654 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy