Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Lifecycle Timeline
7DescriptionCVE.org
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system.
AnalysisAI
Improper bounds checking in Apple macOS (Sequoia 15.7.4 and earlier, Sonoma 14.8.4 and earlier, Tahoe 26.3 and earlier) permits a local attacker to write out-of-bounds memory through a malicious application, potentially allowing modification of protected filesystem areas. The vulnerability requires user interaction to execute the malicious app and affects the file system's integrity rather than confidentiality. No patch is currently available for this out-of-bounds write condition.
Technical ContextAI
This vulnerability is classified as a buffer overflow or out-of-bounds write issue (related to CWE categories concerning memory safety) affecting Apple's macOS operating system across multiple major versions. The affected products span macOS Sequoia (15.x), macOS Sonoma (14.x), and macOS Tahoe (26.x) as indicated by CPE cpe:2.3:a:apple:macos:*:*:*:*:*:*:*:*. The root cause involves inadequate bounds checking in code that interacts with the file system, allowing an application with access to certain APIs to write beyond allocated buffer boundaries and corrupt protected file system regions. This type of memory safety issue typically enables attackers to escape application sandboxing or overwrite critical system structures.
RemediationAI
Immediately upgrade affected macOS systems to the patched versions: macOS Sequoia 15.7.5 or later, macOS Sonoma 14.8.5 or later, or macOS Tahoe 26.4 or later. Consult Apple's security advisories at https://support.apple.com/en-us/126794, https://support.apple.com/en-us/126795, and https://support.apple.com/en-us/126796 for detailed patching instructions. Until patching can be completed, restrict execution of untrusted applications through Gatekeeper enforcement and Security & Privacy settings, monitor file system access logs for unusual write activity to protected directories, and maintain current backups of critical system files.
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15093
GHSA-v2rp-wxm3-8hxp