CVE-2025-43226
BaseFortify
Publication date: 2025-07-30
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ipados | to 17.7.9 (exc) |
| apple | ipados | From 18.0 (inc) to 18.6 (exc) |
| apple | iphone_os | to 18.6 (exc) |
| apple | macos | to 14.7.7 (exc) |
| apple | macos | From 15.0 (inc) to 15.6 (exc) |
| apple | tvos | to 18.6 (exc) |
| apple | visionos | to 2.6 (exc) |
| apple | watchos | to 11.6 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds read caused by insufficient input validation when processing images. A specially crafted malicious image can trigger this flaw, potentially leading to the disclosure of process memory.
How can this vulnerability impact me?
If exploited, this vulnerability can lead to unauthorized disclosure of process memory, which may expose sensitive information or data handled by the affected system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Apple devices to the fixed versions: watchOS 11.6, iOS 18.6, iPadOS 18.6 or 17.7.9, tvOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, or visionOS 2.6. Avoid processing untrusted or maliciously crafted images until the update is applied.