Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to disclose kernel memory.
AnalysisAI
Kernel memory disclosure vulnerability affects all major Apple operating systems through improper memory handling. Malicious apps can read sensitive kernel memory contents remotely without authentication (CVSS 7.5, AV:N). Apple has released patches across iOS/iPadOS (versions 18.7.9 and 26.5), macOS (Sequoia 15.7.7, Sonoma 14.8.7, Tahoe 26.5), tvOS 26.5, visionOS 26.5, and watchOS 26.5. Despite the network attack vector, EPSS score remains very low at 0.02% (7th percentile), suggesting limited real-world exploitation probability. No active exploitation confirmed (not in CISA KEV), and no public exploit code identified at time of analysis.
Technical ContextAI
This is a CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere) vulnerability rooted in improper memory management at the kernel level. The flaw exists in the core memory handling routines shared across Apple's unified operating system architecture (Darwin kernel base). When applications interact with kernel memory through specific system calls or frameworks, insufficient bounds checking or sanitization allows reading beyond allocated buffers, exposing arbitrary kernel memory contents. The CVSS vector AV:N indicates the vulnerability can be triggered through network-facing application interfaces, not requiring direct local code execution. Apple's fix involves improved memory validation and boundary enforcement in kernel memory operations, preventing out-of-bounds reads that could leak sensitive data like cryptographic keys, memory addresses (defeating ASLR), or other process data residing in kernel space.
RemediationAI
Vendor-released patches are available for all affected platforms. iOS and iPadOS users should update to version 18.7.9 or 26.5 (https://support.apple.com/en-us/127110, 127115). macOS users should upgrade to Sonoma 14.8.7, Sequoia 15.7.7, or Tahoe 26.5 depending on their major version (https://support.apple.com/en-us/127116, 127117, 127118). tvOS, visionOS, and watchOS users should update to version 26.5 (https://support.apple.com/en-us/127119, 127120, 127111). If immediate patching is not feasible, restrict installation of untrusted applications through Mobile Device Management (MDM) policies or screen time restrictions, though this provides incomplete protection if the vulnerability is truly network-exploitable as CVSS indicates. For enterprise environments, isolate vulnerable devices from untrusted networks and implement application allowlisting until patches can be deployed-note this increases operational overhead and may break legitimate workflows. Given the information disclosure nature (no integrity or availability impact), compensating controls should focus on limiting access to sensitive data processed on vulnerable devices rather than attempting to prevent the vulnerability itself.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29300
GHSA-qgc2-9f9f-gp28