Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker on the local network may be able to cause a denial-of-service.
AnalysisAI
Out-of-bounds write in Apple operating systems allows local network attackers to cause denial-of-service via improved bounds checking bypass. Affects iOS/iPadOS (18.7.9+, 26.5+), macOS Sequoia (15.7.7+), Sonoma (14.8.7+), Tahoe (26.5+), tvOS (26.5+), visionOS (26.5+), and watchOS (26.5+). EPSS score of 0.02% indicates very low real-world exploitation probability despite local attack vector.
Technical ContextAI
This vulnerability is a classic out-of-bounds write flaw (CWE-787) - a memory corruption issue where code writes data beyond the allocated bounds of a buffer. The improved bounds checking fix suggests the underlying code was not properly validating buffer sizes or array indices before write operations. Across the affected CPE products (Apple iOS/iPadOS, macOS variants, tvOS, visionOS, watchOS), the specific component performing the vulnerable write operation is not named in the public description, indicating Apple may be withholding technical details to avoid aiding exploitation. The local network requirement constrains attack surface to devices sharing network segments, unlike remotely exploitable buffer overflows.
RemediationAI
Vendor-released patches available: upgrade iOS/iPadOS to 18.7.9 or 26.5 or later, macOS Sequoia to 15.7.7 or later, macOS Sonoma to 14.8.7 or later, macOS Tahoe to 26.5 or later, tvOS to 26.5 or later, visionOS to 26.5 or later, and watchOS to 26.5 or later. Patches are delivered via Apple Software Update on each platform. For systems that cannot be patched immediately, restrict network access from untrusted local networks by disabling Wi-Fi connectivity in hostile environments or using network segmentation (VLANs, firewalls) to isolate vulnerable devices from untrusted subnets. This mitigation does not eliminate risk on shared networks (offices, public Wi-Fi) where attackers may be present. Prioritize patching for devices frequently exposed to untrusted local networks (tablets, watches, Macs in offices). Refer to Apple support articles 127110-127120 for detailed patching instructions per device type.
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29307
GHSA-cm8r-x63q-3wvp