CVE-2025-43494
BaseFortify
Publication date: 2025-12-12
Last updated on: 2026-04-02
Assigner: Apple Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ipados | to 18.7.2 (exc) |
| apple | ipados | 26.0 |
| apple | iphone_os | to 18.7.2 (exc) |
| apple | iphone_os | 26.0 |
| apple | macos | From 14.0 (inc) to 14.8.2 (exc) |
| apple | macos | From 15.0 (inc) to 15.7.2 (exc) |
| apple | macos | 26.0 |
| apple | visionos | to 26.1 (exc) |
| apple | watchos | to 26.1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
How can this vulnerability impact me?
An attacker exploiting this vulnerability may be able to cause a persistent denial-of-service, potentially disrupting the normal operation of affected devices.
Can you explain this vulnerability to me?
This vulnerability is a mail header parsing issue that was addressed by improving checks in the affected Apple operating systems. It could allow an attacker to cause a persistent denial-of-service condition.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Apple devices to the fixed versions: watchOS 26.1, iOS 18.7.2 and 26.1, iPadOS 18.7.2 and 26.1, macOS Tahoe 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, and visionOS 26.1. Applying these updates addresses the mail header parsing issue and prevents potential persistent denial-of-service attacks.