Skip to main content

Apple iOS, iPadOS, macOS, tvOS, visionOS, watchOS EUVDEUVD-2026-29307

| CVE-2026-43666 MEDIUM
Out-of-bounds Write (CWE-787)
2026-05-11 apple GHSA-cm8r-x63q-3wvp
6.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.2 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 12, 2026 - 18:26 vuln.today
CVSS changed
May 12, 2026 - 18:22 NVD
6.2 (MEDIUM)
Patch available
May 11, 2026 - 22:18 EUVD
CVE Published
May 11, 2026 - 20:07 nvd
UNKNOWN (no severity yet)
CVE Published
May 11, 2026 - 20:07 nvd
MEDIUM 6.2

DescriptionCVE.org

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker on the local network may be able to cause a denial-of-service.

AnalysisAI

Out-of-bounds write in Apple operating systems allows local network attackers to cause denial-of-service via improved bounds checking bypass. Affects iOS/iPadOS (18.7.9+, 26.5+), macOS Sequoia (15.7.7+), Sonoma (14.8.7+), Tahoe (26.5+), tvOS (26.5+), visionOS (26.5+), and watchOS (26.5+). EPSS score of 0.02% indicates very low real-world exploitation probability despite local attack vector.

Technical ContextAI

This vulnerability is a classic out-of-bounds write flaw (CWE-787) - a memory corruption issue where code writes data beyond the allocated bounds of a buffer. The improved bounds checking fix suggests the underlying code was not properly validating buffer sizes or array indices before write operations. Across the affected CPE products (Apple iOS/iPadOS, macOS variants, tvOS, visionOS, watchOS), the specific component performing the vulnerable write operation is not named in the public description, indicating Apple may be withholding technical details to avoid aiding exploitation. The local network requirement constrains attack surface to devices sharing network segments, unlike remotely exploitable buffer overflows.

RemediationAI

Vendor-released patches available: upgrade iOS/iPadOS to 18.7.9 or 26.5 or later, macOS Sequoia to 15.7.7 or later, macOS Sonoma to 14.8.7 or later, macOS Tahoe to 26.5 or later, tvOS to 26.5 or later, visionOS to 26.5 or later, and watchOS to 26.5 or later. Patches are delivered via Apple Software Update on each platform. For systems that cannot be patched immediately, restrict network access from untrusted local networks by disabling Wi-Fi connectivity in hostile environments or using network segmentation (VLANs, firewalls) to isolate vulnerable devices from untrusted subnets. This mitigation does not eliminate risk on shared networks (offices, public Wi-Fi) where attackers may be present. Prioritize patching for devices frequently exposed to untrusted local networks (tablets, watches, Macs in offices). Refer to Apple support articles 127110-127120 for detailed patching instructions per device type.

Share

EUVD-2026-29307 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy