CVE-2025-43520
BaseFortify
Publication date: 2025-12-12
Last updated on: 2026-04-03
Assigner: Apple Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | 26.0 |
| apple | ipados | 26.0 |
| apple | iphone_os | 26.0 |
| apple | macos | From 14.0 (inc) to 14.8.2 (exc) |
| apple | macos | From 15.0 (inc) to 15.7.2 (exc) |
| apple | visionos | to 26.1 (exc) |
| apple | watchos | to 26.1 (exc) |
| apple | tvos | to 26.1 (exc) |
| apple | ipados | to 18.7.2 (exc) |
| apple | iphone_os | to 18.7.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory corruption issue that occurs due to improper memory handling. It could allow a malicious application to cause unexpected system termination or to write to kernel memory, potentially compromising system stability or security.
How can this vulnerability impact me?
The vulnerability can impact you by allowing a malicious application to cause your system to unexpectedly terminate or to write to kernel memory, which could lead to system crashes, instability, or potentially allow unauthorized actions at the kernel level.
What immediate steps should I take to mitigate this vulnerability?
Apply the security updates provided by Apple for your device's operating system. Specifically, update to watchOS 26.1, iOS 18.7.2 or 26.1, iPadOS 18.7.2 or 26.1, macOS Tahoe 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, visionOS 26.1, or tvOS 26.1 as applicable to your device to address the memory corruption issue.