CVE-2025-43424
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-04
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
The issue was addressed with improved bounds checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. A malicious HID device may cause an unexpected process crash.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ipados | to 26.1 (exc) |
| apple | iphone_os | to 26.1 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a flaw in the handling of input from Human Interface Devices (HID) that could allow a malicious HID device to cause an unexpected process crash. The issue was addressed by improving bounds checks in the affected systems.
What immediate steps should I take to mitigate this vulnerability?
Update your iOS or iPadOS devices to version 26.1 or later to apply the fix that addresses this vulnerability.
How can this vulnerability impact me? :
If exploited, this vulnerability could cause an unexpected process crash on affected devices, potentially leading to denial of service or disruption of normal device operation.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70