Skip to main content

Apple OS EUVDEUVD-2026-29301

| CVE-2026-43655 HIGH
Out-of-bounds Read (CWE-125)
2026-05-11 apple GHSA-6wgp-q874-jmmx
7.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

5
Analysis Generated
May 12, 2026 - 18:24 vuln.today
CVSS changed
May 12, 2026 - 18:22 NVD
7.3 (HIGH)
Patch available
May 11, 2026 - 22:18 EUVD
CVE Published
May 11, 2026 - 20:08 nvd
UNKNOWN (no severity yet)
CVE Published
May 11, 2026 - 20:08 nvd
HIGH 7.3

DescriptionCVE.org

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or read kernel memory.

AnalysisAI

Out-of-bounds read in Apple operating systems allows malicious applications to crash the system or leak kernel memory across iOS/iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5. The vulnerability requires local application execution but no user interaction, enabling information disclosure and denial-of-service attacks. Despite high CVSS 7.3 scoring, the EPSS probability is very low (0.02%, 5th percentile), indicating minimal observed exploitation activity. Vendor-released patches are available for all affected platforms.

Technical ContextAI

This vulnerability stems from CWE-125 (Out-of-bounds Read), a memory safety issue where insufficient bounds validation allows reading beyond allocated buffer boundaries. The flaw exists in a shared kernel-level component across Apple's operating system ecosystem (iOS, iPadOS, macOS, tvOS, watchOS), likely within a system call or inter-process communication mechanism accessible to third-party applications. Out-of-bounds reads can expose sensitive kernel memory contents including cryptographic keys, memory addresses for ASLR bypass, or other processes' data. The cross-platform nature indicated by CPE strings (cpe:2.3:a:apple:ios_and_ipados, cpe:2.3:a:apple:macos, cpe:2.3:a:apple:tvos, cpe:2.3:a:apple:watchos) suggests the vulnerable code exists in Apple's shared XNU kernel or a common framework layer. Apple addressed this through improved bounds checking, a standard mitigation that validates read operations stay within allocated memory regions.

RemediationAI

Update all Apple devices to version 26.5 or later through standard update mechanisms: iOS/iPadOS 26.5 (Settings > General > Software Update), macOS Tahoe 26.5 (System Settings > General > Software Update), tvOS 26.5 (Settings > System > Software Updates), watchOS 26.5 (Watch app > General > Software Update). Vendor advisories with detailed installation instructions are at https://support.apple.com/en-us/127110, https://support.apple.com/en-us/127115, https://support.apple.com/en-us/127118, and https://support.apple.com/en-us/127119. For environments unable to immediately patch, implement compensating controls by restricting application installation to Apple App Store sources only (disable developer mode, remove enterprise MDM profiles allowing sideloading, block jailbreak tools) to prevent malicious app execution, though this significantly limits device functionality for development and testing workflows. No kernel-level workarounds exist since the flaw requires code-level bounds checking fixes.

Share

EUVD-2026-29301 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy