Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.
AnalysisAI
High confidentiality information disclosure across Apple's ecosystem (iOS, iPadOS, macOS, visionOS) allows remote unauthenticated attackers to extract sensitive data by delivering a maliciously crafted file. The vulnerability affects all current Apple operating systems and was fixed in March 2026 security updates (iOS/iPadOS 18.7.9/26.5, macOS 14.8.7/26.5, visionOS 26.5). Despite CVSS 7.5 HIGH rating and network attack vector requiring no privileges, EPSS exploitation probability is very low at 0.02% (5th percentile), suggesting minimal real-world risk. No active exploitation confirmed (not in CISA KEV) and no public POC identified at time of analysis.
Technical ContextAI
This is an input validation vulnerability (CWE-20: Improper Input Validation) affecting file processing components across Apple's operating system family. The CVE spans multiple CPE entries for iOS/iPadOS, macOS (Sonoma and Tahoe releases), and visionOS, indicating a shared code component or framework handling file parsing. Apple addressed it with 'improved checks', suggesting insufficient validation of file structure, metadata, or embedded content that could be exploited to leak memory contents or filesystem data. The CVSS vector shows pure confidentiality impact (C:H/I:N/A:N) with no integrity or availability effects, distinguishing this from typical denial-of-service file parsing bugs. The description mentions 'unexpected app termination' which contradicts the CVSS availability score of None, suggesting the primary exploitable impact is information disclosure before termination occurs, or that Apple's initial description was conservative.
RemediationAI
Apply vendor-released security updates immediately: upgrade iOS and iPadOS to version 18.7.9 or 26.5 (depending on device generation), macOS Sonoma to 14.8.7, macOS Tahoe to 26.5, and visionOS to 26.5 as documented in Apple security advisories HT127110, HT127111, HT127115, HT127117, and HT127120 (https://support.apple.com/en-us/127110 through 127120). For devices unable to immediately patch, implement defense-in-depth controls: disable automatic file preview in Mail and Messages applications (Settings > Mail > Load Remote Content, Settings > Messages > Low Quality Image Mode), restrict AirDrop to Contacts Only (Settings > General > AirDrop), and train users to avoid opening unsolicited files from unknown sources. Note that disabling preview features reduces usability and does not eliminate risk if users manually open malicious files. Configure Mobile Device Management (MDM) policies to enforce rapid security update deployment across enterprise devices. For high-security environments, consider temporarily restricting file sharing capabilities until patching is complete, accepting productivity impact as trade-off for information disclosure prevention.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29248
GHSA-c8pw-9v2c-4669